[CI] Build linux packages for PRs and on master branch without publishing, publishing is available for schedules builds from master (nightly) and builds on client_release tag created #141
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This file is part of BOINC. | ||
# http://boinc.berkeley.edu | ||
# Copyright (C) 2023 University of California | ||
# | ||
# BOINC is free software; you can redistribute it and/or modify it | ||
# under the terms of the GNU Lesser General Public License | ||
# as published by the Free Software Foundation, | ||
# either version 3 of the License, or (at your option) any later version. | ||
# | ||
# BOINC is distributed in the hope that it will be useful, | ||
# but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | ||
# See the GNU Lesser General Public License for more details. | ||
# | ||
# You should have received a copy of the GNU Lesser General Public License | ||
# along with BOINC. If not, see <http://www.gnu.org/licenses/>. | ||
name: Linux Package | ||
on: | ||
push: | ||
branches: [ 'master' ] | ||
tags: [ 'client_release/**' ] | ||
pull_request: | ||
branches: [ master ] | ||
schedule: | ||
- cron: '0 0 * * *' | ||
concurrency: | ||
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} | ||
cancel-in-progress: true | ||
env: | ||
AWS_ACCESS_KEY_ID: ${{ secrets.S3_ACCESS_KEY }} | ||
AWS_SECRET_ACCESS_KEY: ${{ secrets.S3_SECRET_KEY }} | ||
AWS_DEFAULT_REGION: us-west-2 | ||
PUBKEY: boinc.gpg # keep extension | ||
MANTAINER: Vitalii Koshura <lestat.de.lionkur@gmail.com> | ||
HOMEPAGE: https://boinc.berkeley.edu/ | ||
DESCRIPTION: BOINC lets you help cutting-edge science research using your computer. The BOINC app, running on your computer, downloads scientific computing jobs and runs them invisibly in the background. It's easy and safe. | ||
BASEREPO: https://boinc.berkeley.edu/dl/linux # no trailing slash | ||
jobs: | ||
prepare-binaries: | ||
name: Prepare Binaries | ||
runs-on: ubuntu-latest | ||
container: | ||
image: debian:buster | ||
env: | ||
AWS_ACCESS_KEY_ID: env.AWS_ACCESS_KEY_ID | ||
AWS_SECRET_ACCESS_KEY: env.AWS_SECRET_ACCESS_KEY | ||
AWS_DEFAULT_REGION: env.AWS_DEFAULT_REGION | ||
strategy: | ||
matrix: | ||
type: [client, manager] | ||
fail-fast: false | ||
steps: | ||
- uses: actions/checkout@v3 | ||
with: | ||
fetch-depth: 2 | ||
- name: Check if build is running from origin repo | ||
if: ${{ success() && env.AWS_ACCESS_KEY_ID != 0 && env.AWS_SECRET_ACCESS_KEY != 0 }} | ||
run: | | ||
echo "VCPKG_BINARY_SOURCES=clear;x-aws,s3://vcpkg.cache.boinc/,readwrite" >> $GITHUB_ENV | ||
- name: Check if build is running from fork | ||
if: ${{ success() && (env.AWS_ACCESS_KEY_ID == 0 || env.AWS_SECRET_ACCESS_KEY == 0) }} | ||
run: | | ||
echo "VCPKG_BINARY_SOURCES=clear;x-aws-config,no-sign-request;x-aws,s3://vcpkg.cache.boinc/,read" >> $GITHUB_ENV | ||
- name: Install dependencies | ||
run: | | ||
apt-get -qq update | ||
apt-get install -y autopoint make build-essential m4 pkg-config autoconf libtool git python3 python3-distutils curl zip unzip tar bison p7zip-full libx11-dev libxft-dev libxext-dev libdbus-1-dev libxi-dev libxtst-dev libxrandr-dev libnotify-dev | ||
- name: Install aws cli tool | ||
run: | | ||
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" | ||
unzip awscliv2.zip | ||
./aws/install | ||
- name: Update Python packages to build Manager | ||
if: success() && matrix.type == 'manager' | ||
run: | | ||
pip install -U --user pip | ||
pip install --user jinja2 | ||
- name: Automake | ||
if: success() | ||
run: ./_autosetup | ||
- name: Configure client | ||
if: success() && matrix.type == 'client' | ||
run: linux/ci_configure_client.sh | ||
- name: Configure manager | ||
if: success() && matrix.type == 'manager' | ||
run: linux/ci_configure_manager.sh | ||
- name: Make | ||
if: success() | ||
run: make -j $(nproc --all) LDFLAGS="-static-libstdc++ -s" | ||
- name: Prepare logs on failure | ||
if: ${{ failure() }} | ||
run: python3 ./deploy/prepare_deployment.py logs | ||
- name: Upload logs on failure | ||
if: ${{ failure() }} | ||
uses: actions/upload-artifact@v3 | ||
with: | ||
name: linux-package_logs_${{ matrix.type }}_${{ github.event.pull_request.head.sha }} | ||
path: deploy/logs.7z | ||
- name: Prepare artifacts for deploy | ||
if: success() | ||
run: python3 ./deploy/prepare_deployment.py linux_${{ matrix.type }} | ||
- name: Upload artifacts | ||
uses: actions/upload-artifact@v3 | ||
if: success() | ||
with: | ||
name: linux-package_${{ matrix.type }}_${{ github.event.pull_request.head.sha }} | ||
path: deploy/linux_${{ matrix.type }}.7z | ||
build-deb-package: | ||
name: Build DEB Package | ||
runs-on: ubuntu-latest | ||
needs: prepare-binaries | ||
strategy: | ||
matrix: | ||
os: [jammy, focal, bullseye, buster] | ||
type: [client, manager] | ||
fail-fast: false | ||
env: | ||
ARCH: amd64 | ||
steps: | ||
- uses: actions/checkout@v3 | ||
if: success() | ||
with: | ||
fetch-depth: 2 | ||
- name: Packages info preparation | ||
if: success() | ||
run: | | ||
PKG_VERSION=$(cat version.h | grep BOINC_VERSION_STRING | sed -e 's|#define BOINC_VERSION_STRING||' | jq -r .) | ||
if [[ "x${PKG_VERSION}" == "x" ]]; then | ||
printf "Could not obtain release package version from version.h" | ||
exit 1 | ||
fi | ||
# Setup Environment vars | ||
PKG_NAME="boinc-${{ matrix.type }}" | ||
PKG_VERSION="${PKG_VERSION}-${{ github.run_number }}" | ||
PKG_FULL="${PKG_NAME}_${PKG_VERSION}_${{ env.ARCH }}" | ||
echo "PKG_VERSION=${PKG_VERSION}" >> $GITHUB_ENV | ||
echo "PKG_NAME=${PKG_NAME}" >> $GITHUB_ENV | ||
echo "PKG_FULL=${PKG_FULL}" >> $GITHUB_ENV | ||
echo "PUBKEY=${{ env.PUBKEY }}" >> $GITHUB_ENV | ||
echo "Package name: ${PKG_NAME}" | ||
echo "Package version: ${PKG_VERSION}" | ||
echo "Full package name: ${PKG_FULL}" | ||
echo "Key file: ${{ env.PUBKEY }}" | ||
- name: Download | ||
if: success() | ||
uses: actions/download-artifact@v3 | ||
with: | ||
name: linux-package_${{ matrix.type }}_${{ github.event.pull_request.head.sha }} | ||
path: pkgs/ | ||
- name: Prepare package | ||
if: success() | ||
run: | | ||
ls -l pkgs/ | ||
mkdir ${PKG_FULL} | ||
${{ github.workspace }}/.github/workflows/debrepo/package_prepare.sh "${PKG_FULL}" "linux_${{ matrix.type }}" | ||
- name: Prepare package definition | ||
if: success() | ||
run: | | ||
# Derive the package dependencies for the selected package / os / release combination selected | ||
cd ${{ github.workspace }}/.github/workflows/debrepo/ | ||
PKG_DEPS=$(bash package_depends.sh ${{ matrix.os }} linux_${{ matrix.type }}) | ||
echo "Dependencies: ${PKG_DEPS}" | ||
# Produce the package DEB definition | ||
cd "${{ github.workspace }}/${PKG_FULL}" | ||
echo "Name:${PKG_NAME} | ||
Package:${PKG_NAME} | ||
Version:${PKG_VERSION} | ||
Maintainer:${{ env.MANTAINER }} | ||
Depends:${PKG_DEPS} | ||
Architecture:${{ env.ARCH }} | ||
Homepage:${{ env.HOMEPAGE }} | ||
Description:${{ env.DESCRIPTION }}" \ | ||
> "${{ github.workspace }}/${PKG_FULL}/DEBIAN/control" | ||
echo "------------------------" | ||
cat "${{ github.workspace }}/${PKG_FULL}/DEBIAN/control" | ||
echo "------------------------" | ||
- name: Create Ubuntu Package | ||
if: ${{ success() && ( matrix.os == 'jammy' || matrix.os == 'focal') }} | ||
run: | | ||
cd ${{ github.workspace }}/ | ||
# Build the actual package for Ubuntu with XZ compression | ||
dpkg-deb -Zxz --build "${{ github.workspace }}/${PKG_FULL}" | ||
- name: Create Debian Package | ||
if: ${{ success() && ( matrix.os == 'bullseye' || matrix.os == 'buster') }} | ||
run: | | ||
cd ${{ github.workspace }}/ | ||
# Build the actual package for Debian with GZIP compression | ||
dpkg-deb -Zgzip --build "${{ github.workspace }}/${PKG_FULL}" | ||
- name: Get info from generated package | ||
if: success() | ||
run: | | ||
# Get info from the generated package | ||
dpkg-deb --info "${{ github.workspace }}/${PKG_FULL}.deb" | ||
- name: Upload artifacts | ||
uses: actions/upload-artifact@v3 | ||
if: success() | ||
with: | ||
name: linux-package_${{ matrix.type }}_${{ matrix.os }}_${{ github.event.pull_request.head.sha }} | ||
path: ${{ github.workspace }}/${{ env.PKG_FULL }}.deb | ||
build-rpm-package: | ||
name: Build RPM Package | ||
runs-on: ubuntu-latest | ||
container: | ||
image: fedora:38 | ||
needs: prepare-binaries | ||
strategy: | ||
matrix: | ||
os: [fc38, fc37, suse15_5, suse15_4] | ||
type: [client, manager] | ||
fail-fast: false | ||
env: | ||
ARCH: x86_64 | ||
steps: | ||
- uses: actions/checkout@v3 | ||
if: success() | ||
with: | ||
fetch-depth: 2 | ||
- name: DNF Preparation | ||
id: dnf-prep | ||
if: success() | ||
run: | | ||
sudo echo "max_parallel_downloads=10" >> /etc/dnf/dnf.conf | ||
sudo echo "fastestmirror=True" >> /etc/dnf/dnf.conf | ||
sudo dnf install -y wget rpm rpm-build rpm-sign expect createrepo_c dnf-utils jq p7zip-plugins | ||
- name: Packages info preparation | ||
if: success() | ||
run: | | ||
PKG_VERSION=$(cat version.h | grep BOINC_VERSION_STRING | sed -e 's|#define BOINC_VERSION_STRING||' | jq -r .) | ||
if [[ "x${PKG_VERSION}" == "x" ]]; then | ||
printf "Could not obtain release package version from version.h" | ||
exit 1 | ||
fi | ||
# Setup Environment vars | ||
PKG_NAME="boinc-${{ matrix.type }}" | ||
PKG_VERSION="${PKG_VERSION}" | ||
PKG_FULL="${PKG_NAME}-${PKG_VERSION}-${{ github.run_number }}.${{ env.ARCH }}" | ||
echo "PKG_VERSION=${PKG_VERSION}" >> $GITHUB_ENV | ||
echo "PKG_NAME=${PKG_NAME}" >> $GITHUB_ENV | ||
echo "PKG_FULL=${PKG_FULL}" >> $GITHUB_ENV | ||
echo "PUBKEY=${{ env.PUBKEY }}" >> $GITHUB_ENV | ||
echo "Package name: ${PKG_NAME}" | ||
echo "Package version: ${PKG_VERSION}" | ||
echo "Full package name: ${PKG_FULL}" | ||
echo "Key file: ${{ env.PUBKEY }}" | ||
- name: Download | ||
if: success() | ||
uses: actions/download-artifact@v3 | ||
with: | ||
name: linux-package_${{ matrix.type }}_${{ github.event.pull_request.head.sha }} | ||
path: pkgs/ | ||
- name: Create RPM folder | ||
if: success() | ||
run: | | ||
mkdir ${PKG_FULL} | ||
.github/workflows/rpmrepo/package_prepare.sh "${PKG_FULL}" "linux_${{ matrix.type }}" | ||
- name: Setup gpg keys | ||
if: ${{ success() && secrets.REPO_PRIV_KEY != 0 && secrets.REPO_KEY != 0 }} | ||
Check failure on line 296 in .github/workflows/linux-package.yml GitHub Actions / Linux PackageInvalid workflow file
|
||
run: | | ||
echo "${{ secrets.REPO_PRIV_KEY }}" > boinc.priv.key | ||
echo "${{ secrets.REPO_KEY }}" > boinc.pub.key | ||
cp "boinc.pub.key" "${{ env.PUBKEY }}" | ||
- name: Setup test gpg keys | ||
if: ${{ success() && (secrets.REPO_PRIV_KEY == 0 || secrets.REPO_KEY == 0) }} | ||
run: | | ||
rm -rf .gnupg | ||
mkdir -m 0700 .gnupg | ||
touch .gnupg/gpg.conf | ||
chmod 600 .gnupg/gpg.conf | ||
tail -n +4 /usr/share/gnupg2/gpg-conf.skel > .gnupg/gpg.conf | ||
cd .gnupg | ||
gpg2 --list-keys | ||
cat >keydetails <<EOF | ||
%echo Generating a basic OpenPGP key | ||
Key-Type: RSA | ||
Key-Length: 2048 | ||
Subkey-Type: RSA | ||
Subkey-Length: 2048 | ||
Name-Real: User 1 | ||
Name-Comment: User 1 | ||
Name-Email: user@1.com | ||
Expire-Date: 0 | ||
%no-ask-passphrase | ||
%no-protection | ||
%pubring pubring.kbx | ||
%secring trustdb.gpg | ||
# Do a commit here, so that we can later print "done" :-) | ||
%commit | ||
%echo done | ||
EOF | ||
gpg2 --verbose --batch --gen-key keydetails | ||
echo -e "5\ny\n" | gpg2 --command-fd 0 --expert --edit-key user@1.com trust; | ||
gpg2 --list-keys | ||
cp .gnupg/pubring.gpg boinc.pub.key | ||
cp .gnupg/secring. boinc.priv.key | ||
- name: Create RPM Definition | ||
if: success() | ||
run: | | ||
# Derive the package dependencies for the selected package / os / release combination selected | ||
PKG_DEPS=$(bash .github/workflows/rpmrepo/package_depends.sh ${{ matrix.os }} linux_${{ matrix.type }}) | ||
PKG_FILELIST=$(bash .github/workflows/rpmrepo/package_filelist.sh ${{ matrix.os }} linux_${{ matrix.type }}) | ||
cd rpmbuild | ||
echo """ | ||
Name:${PKG_NAME} | ||
Version:${PKG_VERSION} | ||
Release:${{ github.run_number }} | ||
BuildArch:${{ env.ARCH }} | ||
URL:${{ env.HOMEPAGE }} | ||
Summary:${{ env.DESCRIPTION }} | ||
License:LGPL3+ | ||
Requires:${PKG_DEPS} | ||
%changelog | ||
# not extracted | ||
%description | ||
${{ env.DESCRIPTION }} | ||
%prep | ||
# nothing build is not done here | ||
%build | ||
# nothing to build | ||
%install | ||
cp -rfa * %{buildroot} | ||
%files | ||
${PKG_FILELIST} | ||
""" > SPECS/${PKG_FULL}.spec | ||
echo "------------------------" | ||
cat SPECS/${PKG_FULL}.spec | ||
echo "------------------------" | ||
- name: Build RPM Package | ||
if: success() | ||
run: | | ||
export GPG_TTY=$(tty) # fixes gpg signing | ||
# build package | ||
cd rpmbuild | ||
rpmbuild --define "_topdir `pwd`" -v -ba SPECS/* | ||
# keyring prepare | ||
gpg --import "../boinc.pub.key" | ||
gpg --import "../boinc.priv.key" | ||
#expect -c 'spawn gpg --edit-key ${{ env.PUBKEY_HASH }} trust quit; send "5\ry\r"; expect eof' | ||
gpg --list-keys | ||
echo """%_signature gpg | ||
%_gpg_path ${HOME}/.gnupg | ||
%_gpg_name boinc | ||
%_gpgbin /usr/bin/gpg2 | ||
%__gpg_sign_cmd %{__gpg} gpg --force-v3-sigs --batch --verbose --no-armor --no-secmem-warning -u "%{_gpg_name}" -sbo %{__signature_filename} --digest-algo sha256 %{__plaintext_filename}' | ||
""" > $HOME/.rpmmacros | ||
# import for rpm | ||
rpm --import "../boinc.pub.key" | ||
echo 'search for RPM' | ||
find . -name "*.rpm" | ||
# sign package | ||
rpm --addsign "RPMS/${{ env.ARCH }}/${PKG_FULL}.rpm" | ||
# check signature | ||
rpm --checksig "RPMS/${{ env.ARCH }}/${PKG_FULL}.rpm" | ||
rpm -qp --qf '%|DSAHEADER?{%{DSAHEADER:pgpsig}}:{%|RSAHEADER?{%{RSAHEADER:pgpsig}}:{(none)}|}|\n' "RPMS/${{ env.ARCH }}/${PKG_FULL}.rpm" | ||
- name: Upload artifacts | ||
uses: actions/upload-artifact@v3 | ||
if: success() | ||
with: | ||
name: linux-package_${{ matrix.type }}_${{ matrix.os }}_${{ github.event.pull_request.head.sha }} | ||
path: rpmbuild/RPMS/${{ env.ARCH }}/${{ env.PKG_FULL }}.rpm | ||
publish-deb-package: | ||
name: Publish DEB Package | ||
if: github.repository == 'BOINC/boinc' | ||
runs-on: ubuntu-latest | ||
needs: build-deb-package | ||
strategy: | ||
matrix: | ||
os: [jammy, focal, bullseye, buster] | ||
fail-fast: false | ||
steps: | ||
- name: Check if build is running from origin repo | ||
if: ${{ success() && secrets.REPO_PRIV_KEY != 0 && secrets.REPO_KEY != 0 }} | ||
run: | | ||
echo "SKIP_RUN=0" >> $GITHUB_ENV | ||
- name: Check if build is running from fork | ||
if: ${{ success() && (secrets.REPO_PRIV_KEY == 0 || secrets.REPO_KEY == 0) }} | ||
run: | | ||
echo "SKIP_RUN=1" >> $GITHUB_ENV | ||
- uses: actions/checkout@v3 | ||
if: ${{ success() && env.SKIP_RUN == 0 }} | ||
with: | ||
fetch-depth: 2 | ||
- name: Install dependencies | ||
if: ${{ success() && env.SKIP_RUN == 0 }} | ||
run: | | ||
# Install aptly version 1.5.0+ (to support ubuntu xz compression) | ||
# gpg1 is used for compatibility with aptly | ||
wget -qO - https://www.aptly.info/pubkey.txt | sudo apt-key add - | ||
echo "deb http://repo.aptly.info/ squeeze main" | sudo tee -a /etc/apt/sources.list | ||
sudo apt update -qq | ||
sudo apt-get install -y aptly gnupg1 gpgv1 | ||
- name: Setup GPG keys | ||
if: ${{ success() && env.SKIP_RUN == 0 }} | ||
run: | | ||
echo "${{ secrets.REPO_PRIV_KEY }}" > ${{ github.workspace }}/boinc.priv.key | ||
echo "${{ secrets.REPO_KEY }}" > ${{ github.workspace }}/boinc.pub.key | ||
cp "${{ github.workspace }}/boinc.pub.key" "${{ github.workspace }}/${{ env.PUBKEY }}" | ||
- name: Download client | ||
if: ${{ success() && env.SKIP_RUN == 0 }} | ||
uses: actions/download-artifact@v3 | ||
with: | ||
name: linux-package_client_${{ matrix.os }}_${{ github.event.pull_request.head.sha }} | ||
- name: Download manager | ||
if: ${{ success() && env.SKIP_RUN == 0 }} | ||
uses: actions/download-artifact@v3 | ||
with: | ||
name: linux-package_manager_${{ matrix.os }}_${{ github.event.pull_request.head.sha }} | ||
- name: Check if Release type is alpha | ||
if: ${{ success() && env.SKIP_RUN == 0 && startsWith(github.ref, 'refs/tags/') }} | ||
run: | | ||
RELEASE_TYPE=alpha | ||
echo "RELEASE_TYPE=${RELEASE_TYPE}" >> $GITHUB_ENV | ||
- name: Check if Release type is nightly | ||
if: ${{ success() && env.SKIP_RUN == 0 && github.ref == 'refs/heads/master' && github.event_name == 'schedule' }} | ||
run: | | ||
RELEASE_TYPE=nightly | ||
echo "RELEASE_TYPE=${RELEASE_TYPE}" >> $GITHUB_ENV | ||
- name: Check if Release type is not set | ||
if: ${{ success() && env.SKIP_RUN == 0 && env.RELEASE_TYPE == 0 }} | ||
run: | | ||
echo "SKIP_RUN=1" >> $GITHUB_ENV | ||
- name: Update or create the repository using aptly | ||
if: ${{ success() && env.SKIP_RUN == 0 }} | ||
run: | | ||
# 0 true / 1 false | ||
ALLOW_CREATE=0 | ||
cd ${{ github.workspace }}/.github/workflows/debrepo/ | ||
./repo_update.sh "$ALLOW_CREATE" ${{ env.BASEREPO }} ${{ github.workspace }} ${{ matrix.os }} ${{ env.RELEASE_TYPE }} ${{ env.PUBKEY }} | ||
- uses: actions/upload-artifact@v3 | ||
if: ${{ success() && env.SKIP_RUN == 0 }} | ||
with: | ||
name: repo-${{ env.RELEASE_TYPE }}-${{ matrix.os }} | ||
path: "${{ github.workspace }}/repo-${{ env.RELEASE_TYPE }}-${{ matrix.os }}.tar.gz" | ||
- name: Deploy to boinc server | ||
if: ${{ success() && env.SKIP_RUN == 0 }} | ||
run: | | ||
set -e | ||
curl -s --fail --write-out "%{http_code}" -F 'upload_file=@${{ github.workspace }}/repo-${{ env.RELEASE_TYPE }}-${{ matrix.os }}.tar.gz' https://boinc.berkeley.edu/upload.php --cookie "auth=${{ secrets.BOINC_AUTH }}" --form "submit=on" | ||
publish-rpm-package: | ||
name: Publish RPM Package | ||
if: github.repository == 'BOINC/boinc' | ||
runs-on: ubuntu-latest | ||
container: | ||
image: fedora:38 | ||
needs: build-rpm-package | ||
strategy: | ||
matrix: | ||
os: [fc38, fc37, suse15_5, suse15_4] | ||
fail-fast: false | ||
env: | ||
ARCH: x86_64 | ||
PUBKEY_HASH: D4460B4F0EEDE2C0662092F640254C9B29853EA6 | ||
steps: | ||
- name: Check if build is running from origin repo | ||
if: ${{ success() &&secrets.REPO_PRIV_KEY != 0 && secrets.REPO_KEY != 0 }} | ||
run: | | ||
echo "SKIP_RUN=0" >> $GITHUB_ENV | ||
- name: Check if build is running from fork | ||
if: ${{ success() && (secrets.REPO_PRIV_KEY == 0 || secrets.REPO_KEY == 0) }} | ||
run: | | ||
echo "SKIP_RUN=1" >> $GITHUB_ENV | ||
- uses: actions/checkout@v3 | ||
if: ${{ success() && env.SKIP_RUN == 0 }} | ||
with: | ||
fetch-depth: 2 | ||
- name: DNF Preparation | ||
id: dnf-prep | ||
run: | | ||
sudo echo "max_parallel_downloads=10" >> /etc/dnf/dnf.conf | ||
sudo echo "fastestmirror=True" >> /etc/dnf/dnf.conf | ||
sudo dnf install -y wget rpm rpm-build rpm-sign expect createrepo_c dnf-utils jq p7zip-plugins | ||
- name: Setup GPG keys | ||
if: ${{ success() && env.SKIP_RUN == 0 }} | ||
run: | | ||
echo "${{ secrets.REPO_PRIV_KEY }}" > boinc.priv.key | ||
echo "${{ secrets.REPO_KEY }}" > boinc.pub.key | ||
cp "boinc.pub.key" "${{ env.PUBKEY }}" | ||
# keyring prepare | ||
gpg --import "boinc.pub.key" | ||
gpg --import "boinc.priv.key" | ||
expect -c 'spawn gpg --edit-key ${{ env.PUBKEY_HASH }} trust quit; send "5\ry\r"; expect eof' | ||
gpg --list-keys | ||
- name: Download client | ||
if: ${{ success() && env.SKIP_RUN == 0 }} | ||
uses: actions/download-artifact@v3 | ||
with: | ||
name: linux-package_client_${{ matrix.os }}_${{ github.event.pull_request.head.sha }} | ||
- name: Download manager | ||
if: ${{ success() && env.SKIP_RUN == 0 }} | ||
uses: actions/download-artifact@v3 | ||
with: | ||
name: linux-package_manager_${{ matrix.os }}_${{ github.event.pull_request.head.sha }} | ||
- name: Check if Release type is alpha | ||
if: ${{ success() && env.SKIP_RUN == 0 && startsWith(github.ref, 'refs/tags/') }} | ||
run: | | ||
RELEASE_TYPE=alpha | ||
echo "RELEASE_TYPE=${RELEASE_TYPE}" >> $GITHUB_ENV | ||
- name: Check if Release type is nightly | ||
if: ${{ success() && env.SKIP_RUN == 0 && github.ref == 'refs/heads/master' && github.event_name == 'schedule' }} | ||
run: | | ||
RELEASE_TYPE=nightly | ||
echo "RELEASE_TYPE=${RELEASE_TYPE}" >> $GITHUB_ENV | ||
- name: Check if Release type is not set | ||
if: ${{ success() && env.SKIP_RUN == 0 && env.RELEASE_TYPE == 0 }} | ||
run: | | ||
echo "SKIP_RUN=1" >> $GITHUB_ENV | ||
- name: Update or create the repository | ||
if: ${{ success() && env.SKIP_RUN == 0 }} | ||
run: | | ||
# Bash scripts do not support boolean values so convert to 0 true / 1 false | ||
# 0 true / 1 false | ||
ALLOW_CREATE=0 | ||
CWD=$(pwd) | ||
cd .github/workflows/rpmrepo/ | ||
# Updates or creates the repository | ||
./repo_update.sh "$ALLOW_CREATE" ${{ env.BASEREPO }} ${CWD} ${{ matrix.os }} ${{ env.RELEASE_TYPE }} ${{ env.PUBKEY }} ${{ env.PUBKEY_HASH }} ${{ env.ARCH }} | ||
- uses: actions/upload-artifact@v3 | ||
if: ${{ success() && env.SKIP_RUN == 0 }} | ||
with: | ||
name: repo-${{ env.RELEASE_TYPE }}-${{ matrix.os }} | ||
path: "repo-${{ env.RELEASE_TYPE }}-${{ matrix.os }}.tar.gz" | ||
- name: Deploy to boinc server | ||
if: ${{ success() && env.SKIP_RUN == 0 }} | ||
run: | | ||
set -e | ||
curl -s --fail --write-out "%{http_code}" -F 'upload_file=@repo-${{ env.RELEASE_TYPE }}-${{ matrix.os }}.tar.gz' https://boinc.berkeley.edu/upload.php --cookie "auth=${{ secrets.BOINC_AUTH }}" --form "submit=on" |