-
Notifications
You must be signed in to change notification settings - Fork 462
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[CI] Build linux packages for PRs and on master branch without publis…
…hing, publishing is available for schedules builds from master (nightly) and builds on client_release tag created Signed-off-by: Vitalii Koshura <[email protected]>
- Loading branch information
Showing
1 changed file
with
80 additions
and
57 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -18,7 +18,10 @@ | |
name: Linux Package | ||
on: | ||
push: | ||
branches: [ 'master' ] | ||
tags: [ 'client_release/**' ] | ||
pull_request: | ||
branches: [ master ] | ||
schedule: | ||
- cron: '0 0 * * *' | ||
|
||
|
@@ -29,6 +32,8 @@ concurrency: | |
env: | ||
AWS_ACCESS_KEY_ID: ${{ secrets.S3_ACCESS_KEY }} | ||
AWS_SECRET_ACCESS_KEY: ${{ secrets.S3_SECRET_KEY }} | ||
REPO_PRIV_KEY: ${{ secrets.REPO_PRIV_KEY }} | ||
REPO_KEY: ${{ secrets.REPO_KEY }} | ||
AWS_DEFAULT_REGION: us-west-2 | ||
PUBKEY: boinc.gpg # keep extension | ||
MANTAINER: Vitalii Koshura <[email protected]> | ||
|
@@ -67,14 +72,20 @@ jobs: | |
- name: Install dependencies | ||
run: | | ||
apt-get -qq update | ||
apt-get install -y autopoint make build-essential m4 pkg-config autoconf libtool git python3 python3-distutils curl zip unzip tar bison p7zip-full libx11-dev libxft-dev libxext-dev libdbus-1-dev libxi-dev libxtst-dev libxrandr-dev libnotify-dev | ||
apt-get install -y autopoint make build-essential m4 pkg-config autoconf libtool git python3 python3-distutils python3-pip curl zip unzip tar bison p7zip-full libx11-dev libxft-dev libxext-dev libdbus-1-dev libxi-dev libxtst-dev libxrandr-dev libnotify-dev | ||
- name: Install aws cli tool | ||
run: | | ||
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" | ||
unzip awscliv2.zip | ||
./aws/install | ||
- name: Update Python packages to build Manager | ||
if: success() && matrix.type == 'manager' | ||
run: | | ||
pip3 install -U --user pip | ||
pip3 install --user jinja2 | ||
- name: Automake | ||
if: success() | ||
run: ./_autosetup | ||
|
@@ -115,7 +126,6 @@ jobs: | |
|
||
build-deb-package: | ||
name: Build DEB Package | ||
if: github.repository == 'BOINC/boinc' | ||
runs-on: ubuntu-latest | ||
needs: prepare-binaries | ||
strategy: | ||
|
@@ -126,23 +136,13 @@ jobs: | |
env: | ||
ARCH: amd64 | ||
steps: | ||
- name: Check if build is running from origin repo | ||
if: ${{ success() && env.AWS_ACCESS_KEY_ID != 0 && env.AWS_SECRET_ACCESS_KEY != 0 }} | ||
run: | | ||
echo "SKIP_RUN=0" >> $GITHUB_ENV | ||
- name: Check if build is running from fork | ||
if: ${{ success() && (env.AWS_ACCESS_KEY_ID == 0 || env.AWS_SECRET_ACCESS_KEY == 0) }} | ||
run: | | ||
echo "SKIP_RUN=1" >> $GITHUB_ENV | ||
- uses: actions/checkout@v3 | ||
if: ${{ success() && env.SKIP_RUN == 0 }} | ||
if: success() | ||
with: | ||
fetch-depth: 2 | ||
|
||
- name: Packages info preparation | ||
if: ${{ success() && env.SKIP_RUN == 0 }} | ||
if: success() | ||
run: | | ||
PKG_VERSION=$(cat version.h | grep BOINC_VERSION_STRING | sed -e 's|#define BOINC_VERSION_STRING||' | jq -r .) | ||
if [[ "x${PKG_VERSION}" == "x" ]]; then | ||
|
@@ -166,21 +166,21 @@ jobs: | |
echo "Key file: ${{ env.PUBKEY }}" | ||
- name: Download | ||
if: ${{ success() && env.SKIP_RUN == 0 }} | ||
if: success() | ||
uses: actions/download-artifact@v3 | ||
with: | ||
name: linux-package_${{ matrix.type }}_${{ github.event.pull_request.head.sha }} | ||
path: pkgs/ | ||
|
||
- name: Prepare package | ||
if: ${{ success() && env.SKIP_RUN == 0 }} | ||
if: success() | ||
run: | | ||
ls -l pkgs/ | ||
mkdir ${PKG_FULL} | ||
${{ github.workspace }}/.github/workflows/debrepo/package_prepare.sh "${PKG_FULL}" "linux_${{ matrix.type }}" | ||
- name: Prepare package definition | ||
if: ${{ success() && env.SKIP_RUN == 0 }} | ||
if: success() | ||
run: | | ||
# Derive the package dependencies for the selected package / os / release combination selected | ||
cd ${{ github.workspace }}/.github/workflows/debrepo/ | ||
|
@@ -204,35 +204,34 @@ jobs: | |
echo "------------------------" | ||
- name: Create Ubuntu Package | ||
if: ${{ success() && env.SKIP_RUN == 0 && ( matrix.os == 'jammy' || matrix.os == 'focal') }} | ||
if: ${{ success() && ( matrix.os == 'jammy' || matrix.os == 'focal') }} | ||
run: | | ||
cd ${{ github.workspace }}/ | ||
# Build the actual package for Ubuntu with XZ compression | ||
dpkg-deb -Zxz --build "${{ github.workspace }}/${PKG_FULL}" | ||
- name: Create Debian Package | ||
if: ${{ success() && env.SKIP_RUN == 0 && ( matrix.os == 'bullseye' || matrix.os == 'buster') }} | ||
if: ${{ success() && ( matrix.os == 'bullseye' || matrix.os == 'buster') }} | ||
run: | | ||
cd ${{ github.workspace }}/ | ||
# Build the actual package for Debian with GZIP compression | ||
dpkg-deb -Zgzip --build "${{ github.workspace }}/${PKG_FULL}" | ||
- name: Get info from generated package | ||
if: ${{ success() && env.SKIP_RUN == 0 }} | ||
if: success() | ||
run: | | ||
# Get info from the generated package | ||
dpkg-deb --info "${{ github.workspace }}/${PKG_FULL}.deb" | ||
- name: Upload artifacts | ||
uses: actions/upload-artifact@v3 | ||
if: ${{ success() && env.SKIP_RUN == 0 }} | ||
if: success() | ||
with: | ||
name: linux-package_${{ matrix.type }}_${{ matrix.os }}_${{ github.event.pull_request.head.sha }} | ||
path: ${{ github.workspace }}/${{ env.PKG_FULL }}.deb | ||
|
||
build-rpm-package: | ||
name: Build RPM Package | ||
if: github.repository == 'BOINC/boinc' | ||
runs-on: ubuntu-latest | ||
container: | ||
image: fedora:38 | ||
|
@@ -245,30 +244,21 @@ jobs: | |
env: | ||
ARCH: x86_64 | ||
steps: | ||
- name: Check if build is running from origin repo | ||
if: ${{ success() && env.AWS_ACCESS_KEY_ID != 0 && env.AWS_SECRET_ACCESS_KEY != 0 }} | ||
run: | | ||
echo "SKIP_RUN=0" >> $GITHUB_ENV | ||
- name: Check if build is running from fork | ||
if: ${{ success() && (env.AWS_ACCESS_KEY_ID == 0 || env.AWS_SECRET_ACCESS_KEY == 0) }} | ||
run: | | ||
echo "SKIP_RUN=1" >> $GITHUB_ENV | ||
- uses: actions/checkout@v3 | ||
if: ${{ success() && env.SKIP_RUN == 0 }} | ||
if: success() | ||
with: | ||
fetch-depth: 2 | ||
|
||
- name: DNF Preparation | ||
id: dnf-prep | ||
if: success() | ||
run: | | ||
sudo echo "max_parallel_downloads=10" >> /etc/dnf/dnf.conf | ||
sudo echo "fastestmirror=True" >> /etc/dnf/dnf.conf | ||
sudo dnf install -y wget rpm rpm-build rpm-sign expect createrepo_c dnf-utils jq p7zip-plugins | ||
- name: Packages info preparation | ||
if: ${{ success() && env.SKIP_RUN == 0 }} | ||
if: success() | ||
run: | | ||
PKG_VERSION=$(cat version.h | grep BOINC_VERSION_STRING | sed -e 's|#define BOINC_VERSION_STRING||' | jq -r .) | ||
if [[ "x${PKG_VERSION}" == "x" ]]; then | ||
|
@@ -292,27 +282,62 @@ jobs: | |
echo "Key file: ${{ env.PUBKEY }}" | ||
- name: Download | ||
if: ${{ success() && env.SKIP_RUN == 0 }} | ||
if: success() | ||
uses: actions/download-artifact@v3 | ||
with: | ||
name: linux-package_${{ matrix.type }}_${{ github.event.pull_request.head.sha }} | ||
path: pkgs/ | ||
|
||
- name: Create RPM folder | ||
if: ${{ success() && env.SKIP_RUN == 0 }} | ||
if: success() | ||
run: | | ||
mkdir ${PKG_FULL} | ||
.github/workflows/rpmrepo/package_prepare.sh "${PKG_FULL}" "linux_${{ matrix.type }}" | ||
- name: Setup gpg keys | ||
if: ${{ success() && env.SKIP_RUN == 0 }} | ||
if: ${{ success() && env.REPO_PRIV_KEY != 0 && env.REPO_KEY != 0 }} | ||
run: | | ||
echo "${{ secrets.REPO_PRIV_KEY }}" > boinc.priv.key | ||
echo "${{ secrets.REPO_KEY }}" > boinc.pub.key | ||
echo "${{ env.REPO_PRIV_KEY }}" > boinc.priv.key | ||
echo "${{ env.REPO_KEY }}" > boinc.pub.key | ||
cp "boinc.pub.key" "${{ env.PUBKEY }}" | ||
- name: Setup test gpg keys | ||
if: ${{ success() && (env.REPO_PRIV_KEY == 0 || env.REPO_KEY == 0) }} | ||
run: | | ||
rm -rf .gnupg | ||
mkdir -m 0700 .gnupg | ||
touch .gnupg/gpg.conf | ||
chmod 600 .gnupg/gpg.conf | ||
# tail -n +4 /usr/share/gnupg2/gpg-conf.skel > .gnupg/gpg.conf | ||
cd .gnupg | ||
gpg --list-keys | ||
cat >keydetails <<EOF | ||
%echo Generating a basic OpenPGP key | ||
Key-Type: RSA | ||
Key-Length: 2048 | ||
Subkey-Type: RSA | ||
Subkey-Length: 2048 | ||
Name-Real: User 1 | ||
Name-Comment: User 1 | ||
Name-Email: [email protected] | ||
Expire-Date: 0 | ||
%no-ask-passphrase | ||
%no-protection | ||
%pubring pubring.kbx | ||
%secring trustdb.gpg | ||
# Do a commit here, so that we can later print "done" :-) | ||
%commit | ||
%echo done | ||
EOF | ||
gpg --verbose --batch --gen-key keydetails | ||
gpg --list-keys | ||
echo -e "5\ny\n" | gpg --command-fd 0 --expert --edit-key [email protected] trust; | ||
gpg --list-keys | ||
cp .gnupg/pubring.gpg boinc.pub.key | ||
cp .gnupg/secring.gpg boinc.priv.key | ||
- name: Create RPM Definition | ||
if: ${{ success() && env.SKIP_RUN == 0 }} | ||
if: success() | ||
run: | | ||
# Derive the package dependencies for the selected package / os / release combination selected | ||
PKG_DEPS=$(bash .github/workflows/rpmrepo/package_depends.sh ${{ matrix.os }} linux_${{ matrix.type }}) | ||
|
@@ -353,7 +378,7 @@ jobs: | |
echo "------------------------" | ||
- name: Build RPM Package | ||
if: ${{ success() && env.SKIP_RUN == 0 }} | ||
if: success() | ||
run: | | ||
export GPG_TTY=$(tty) # fixes gpg signing | ||
|
@@ -364,7 +389,7 @@ jobs: | |
# keyring prepare | ||
gpg --import "../boinc.pub.key" | ||
gpg --import "../boinc.priv.key" | ||
expect -c 'spawn gpg --edit-key ${{ env.PUBKEY_HASH }} trust quit; send "5\ry\r"; expect eof' | ||
#expect -c 'spawn gpg --edit-key ${{ env.PUBKEY_HASH }} trust quit; send "5\ry\r"; expect eof' | ||
gpg --list-keys | ||
|
@@ -390,7 +415,7 @@ jobs: | |
- name: Upload artifacts | ||
uses: actions/upload-artifact@v3 | ||
if: ${{ success() && env.SKIP_RUN == 0 }} | ||
if: success() | ||
with: | ||
name: linux-package_${{ matrix.type }}_${{ matrix.os }}_${{ github.event.pull_request.head.sha }} | ||
path: rpmbuild/RPMS/${{ env.ARCH }}/${{ env.PKG_FULL }}.rpm | ||
|
@@ -406,12 +431,12 @@ jobs: | |
fail-fast: false | ||
steps: | ||
- name: Check if build is running from origin repo | ||
if: ${{ success() && env.AWS_ACCESS_KEY_ID != 0 && env.AWS_SECRET_ACCESS_KEY != 0 }} | ||
if: ${{ success() && env.REPO_PRIV_KEY != 0 && env.REPO_KEY != 0 }} | ||
run: | | ||
echo "SKIP_RUN=0" >> $GITHUB_ENV | ||
- name: Check if build is running from fork | ||
if: ${{ success() && (env.AWS_ACCESS_KEY_ID == 0 || env.AWS_SECRET_ACCESS_KEY == 0) }} | ||
if: ${{ success() && (env.REPO_PRIV_KEY == 0 || env.REPO_KEY == 0) }} | ||
run: | | ||
echo "SKIP_RUN=1" >> $GITHUB_ENV | ||
|
@@ -433,8 +458,8 @@ jobs: | |
- name: Setup GPG keys | ||
if: ${{ success() && env.SKIP_RUN == 0 }} | ||
run: | | ||
echo "${{ secrets.REPO_PRIV_KEY }}" > ${{ github.workspace }}/boinc.priv.key | ||
echo "${{ secrets.REPO_KEY }}" > ${{ github.workspace }}/boinc.pub.key | ||
echo "${{ env.REPO_PRIV_KEY }}" > ${{ github.workspace }}/boinc.priv.key | ||
echo "${{ env.REPO_KEY }}" > ${{ github.workspace }}/boinc.pub.key | ||
cp "${{ github.workspace }}/boinc.pub.key" "${{ github.workspace }}/${{ env.PUBKEY }}" | ||
- name: Download client | ||
|
@@ -456,16 +481,15 @@ jobs: | |
echo "RELEASE_TYPE=${RELEASE_TYPE}" >> $GITHUB_ENV | ||
- name: Check if Release type is nightly | ||
if: ${{ success() && env.SKIP_RUN == 0 && github.ref == 'refs/heads/master' }} | ||
if: ${{ success() && env.SKIP_RUN == 0 && github.ref == 'refs/heads/master' && github.event_name == 'schedule' }} | ||
run: | | ||
RELEASE_TYPE=nightly | ||
echo "RELEASE_TYPE=${RELEASE_TYPE}" >> $GITHUB_ENV | ||
- name: Check if Release type is not set | ||
if: ${{ success() && env.SKIP_RUN == 0 && env.RELEASE_TYPE == 0 }} | ||
run: | | ||
RELEASE_TYPE=nightly | ||
echo "RELEASE_TYPE=${RELEASE_TYPE}" >> $GITHUB_ENV | ||
echo "SKIP_RUN=1" >> $GITHUB_ENV | ||
- name: Update or create the repository using aptly | ||
if: ${{ success() && env.SKIP_RUN == 0 }} | ||
|
@@ -503,12 +527,12 @@ jobs: | |
PUBKEY_HASH: D4460B4F0EEDE2C0662092F640254C9B29853EA6 | ||
steps: | ||
- name: Check if build is running from origin repo | ||
if: ${{ success() && env.AWS_ACCESS_KEY_ID != 0 && env.AWS_SECRET_ACCESS_KEY != 0 }} | ||
if: ${{ success() && env.REPO_PRIV_KEY != 0 && env.REPO_KEY != 0 }} | ||
run: | | ||
echo "SKIP_RUN=0" >> $GITHUB_ENV | ||
- name: Check if build is running from fork | ||
if: ${{ success() && (env.AWS_ACCESS_KEY_ID == 0 || env.AWS_SECRET_ACCESS_KEY == 0) }} | ||
if: ${{ success() && (env.REPO_PRIV_KEY == 0 || env.REPO_KEY == 0) }} | ||
run: | | ||
echo "SKIP_RUN=1" >> $GITHUB_ENV | ||
|
@@ -527,8 +551,8 @@ jobs: | |
- name: Setup GPG keys | ||
if: ${{ success() && env.SKIP_RUN == 0 }} | ||
run: | | ||
echo "${{ secrets.REPO_PRIV_KEY }}" > boinc.priv.key | ||
echo "${{ secrets.REPO_KEY }}" > boinc.pub.key | ||
echo "${{ env.REPO_PRIV_KEY }}" > boinc.priv.key | ||
echo "${{ env.REPO_KEY }}" > boinc.pub.key | ||
cp "boinc.pub.key" "${{ env.PUBKEY }}" | ||
# keyring prepare | ||
gpg --import "boinc.pub.key" | ||
|
@@ -555,16 +579,15 @@ jobs: | |
echo "RELEASE_TYPE=${RELEASE_TYPE}" >> $GITHUB_ENV | ||
- name: Check if Release type is nightly | ||
if: ${{ success() && env.SKIP_RUN == 0 && github.ref == 'refs/heads/master' }} | ||
if: ${{ success() && env.SKIP_RUN == 0 && github.ref == 'refs/heads/master' && github.event_name == 'schedule' }} | ||
run: | | ||
RELEASE_TYPE=nightly | ||
echo "RELEASE_TYPE=${RELEASE_TYPE}" >> $GITHUB_ENV | ||
- name: Check if Release type is not set | ||
if: ${{ success() && env.SKIP_RUN == 0 && env.RELEASE_TYPE == 0 }} | ||
run: | | ||
RELEASE_TYPE=nightly | ||
echo "RELEASE_TYPE=${RELEASE_TYPE}" >> $GITHUB_ENV | ||
echo "SKIP_RUN=1" >> $GITHUB_ENV | ||
- name: Update or create the repository | ||
if: ${{ success() && env.SKIP_RUN == 0 }} | ||
|