Skip to content

Commit

Permalink
[CI] Build linux packages for PRs and on master branch without publis…
Browse files Browse the repository at this point in the history 
…hing, publishing is available for schedules builds from master (nightly) and builds on client_release tag created

Signed-off-by: Vitalii Koshura <lestat.de.lionkur@gmail.com>
  • Loading branch information
@AenBleidd
AenBleidd committed Dec 17, 2023
1 parent 62275b1 commit c247a01
Showing 1 changed file with 78 additions and 56 deletions.
134 changes: 78 additions & 56 deletions .github/workflows/linux-package.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,10 @@
name: Linux Package
on:
push:
branches: [ 'master' ]
tags: [ 'client_release/**' ]
pull_request:
branches: [ master ]
schedule:
- cron: '0 0 * * *'

Expand All @@ -29,6 +32,8 @@ concurrency:
env:
AWS_ACCESS_KEY_ID: ${{ secrets.S3_ACCESS_KEY }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.S3_SECRET_KEY }}
REPO_PRIV_KEY: ${{ secrets.REPO_PRIV_KEY }}
REPO_KEY: ${{ secrets.REPO_KEY }}
AWS_DEFAULT_REGION: us-west-2
PUBKEY: boinc.gpg # keep extension
MANTAINER: Vitalii Koshura <lestat.de.lionkur@gmail.com>
Expand Down Expand Up @@ -75,6 +80,12 @@ jobs:
unzip awscliv2.zip
./aws/install
- name: Update Python packages to build Manager
if: success() && matrix.type == 'manager'
run: |
pip install -U --user pip
pip install --user jinja2
- name: Automake
if: success()
run: ./_autosetup
Expand Down Expand Up @@ -115,7 +126,6 @@ jobs:

build-deb-package:
name: Build DEB Package
if: github.repository == 'BOINC/boinc'
runs-on: ubuntu-latest
needs: prepare-binaries
strategy:
Expand All @@ -126,23 +136,13 @@ jobs:
env:
ARCH: amd64
steps:
- name: Check if build is running from origin repo
if: ${{ success() && env.AWS_ACCESS_KEY_ID != 0 && env.AWS_SECRET_ACCESS_KEY != 0 }}
run: |
echo "SKIP_RUN=0" >> $GITHUB_ENV
- name: Check if build is running from fork
if: ${{ success() && (env.AWS_ACCESS_KEY_ID == 0 || env.AWS_SECRET_ACCESS_KEY == 0) }}
run: |
echo "SKIP_RUN=1" >> $GITHUB_ENV
- uses: actions/checkout@v3
if: ${{ success() && env.SKIP_RUN == 0 }}
if: success()
with:
fetch-depth: 2

- name: Packages info preparation
if: ${{ success() && env.SKIP_RUN == 0 }}
if: success()
run: |
PKG_VERSION=$(cat version.h | grep BOINC_VERSION_STRING | sed -e 's|#define BOINC_VERSION_STRING||' | jq -r .)
if [[ "x${PKG_VERSION}" == "x" ]]; then
Expand All @@ -166,21 +166,21 @@ jobs:
echo "Key file: ${{ env.PUBKEY }}"
- name: Download
if: ${{ success() && env.SKIP_RUN == 0 }}
if: success()
uses: actions/download-artifact@v3
with:
name: linux-package_${{ matrix.type }}_${{ github.event.pull_request.head.sha }}
path: pkgs/

- name: Prepare package
if: ${{ success() && env.SKIP_RUN == 0 }}
if: success()
run: |
ls -l pkgs/
mkdir ${PKG_FULL}
${{ github.workspace }}/.github/workflows/debrepo/package_prepare.sh "${PKG_FULL}" "linux_${{ matrix.type }}"
- name: Prepare package definition
if: ${{ success() && env.SKIP_RUN == 0 }}
if: success()
run: |
# Derive the package dependencies for the selected package / os / release combination selected
cd ${{ github.workspace }}/.github/workflows/debrepo/
Expand All @@ -204,35 +204,34 @@ jobs:
echo "------------------------"
- name: Create Ubuntu Package
if: ${{ success() && env.SKIP_RUN == 0 && ( matrix.os == 'jammy' || matrix.os == 'focal') }}
if: ${{ success() && ( matrix.os == 'jammy' || matrix.os == 'focal') }}
run: |
cd ${{ github.workspace }}/
# Build the actual package for Ubuntu with XZ compression
dpkg-deb -Zxz --build "${{ github.workspace }}/${PKG_FULL}"
- name: Create Debian Package
if: ${{ success() && env.SKIP_RUN == 0 && ( matrix.os == 'bullseye' || matrix.os == 'buster') }}
if: ${{ success() && ( matrix.os == 'bullseye' || matrix.os == 'buster') }}
run: |
cd ${{ github.workspace }}/
# Build the actual package for Debian with GZIP compression
dpkg-deb -Zgzip --build "${{ github.workspace }}/${PKG_FULL}"
- name: Get info from generated package
if: ${{ success() && env.SKIP_RUN == 0 }}
if: success()
run: |
# Get info from the generated package
dpkg-deb --info "${{ github.workspace }}/${PKG_FULL}.deb"
- name: Upload artifacts
uses: actions/upload-artifact@v3
if: ${{ success() && env.SKIP_RUN == 0 }}
if: success()
with:
name: linux-package_${{ matrix.type }}_${{ matrix.os }}_${{ github.event.pull_request.head.sha }}
path: ${{ github.workspace }}/${{ env.PKG_FULL }}.deb

build-rpm-package:
name: Build RPM Package
if: github.repository == 'BOINC/boinc'
runs-on: ubuntu-latest
container:
image: fedora:38
Expand All @@ -245,30 +244,21 @@ jobs:
env:
ARCH: x86_64
steps:
- name: Check if build is running from origin repo
if: ${{ success() && env.AWS_ACCESS_KEY_ID != 0 && env.AWS_SECRET_ACCESS_KEY != 0 }}
run: |
echo "SKIP_RUN=0" >> $GITHUB_ENV
- name: Check if build is running from fork
if: ${{ success() && (env.AWS_ACCESS_KEY_ID == 0 || env.AWS_SECRET_ACCESS_KEY == 0) }}
run: |
echo "SKIP_RUN=1" >> $GITHUB_ENV
- uses: actions/checkout@v3
if: ${{ success() && env.SKIP_RUN == 0 }}
if: success()
with:
fetch-depth: 2

- name: DNF Preparation
id: dnf-prep
if: success()
run: |
sudo echo "max_parallel_downloads=10" >> /etc/dnf/dnf.conf
sudo echo "fastestmirror=True" >> /etc/dnf/dnf.conf
sudo dnf install -y wget rpm rpm-build rpm-sign expect createrepo_c dnf-utils jq p7zip-plugins
- name: Packages info preparation
if: ${{ success() && env.SKIP_RUN == 0 }}
if: success()
run: |
PKG_VERSION=$(cat version.h | grep BOINC_VERSION_STRING | sed -e 's|#define BOINC_VERSION_STRING||' | jq -r .)
if [[ "x${PKG_VERSION}" == "x" ]]; then
Expand All @@ -292,27 +282,61 @@ jobs:
echo "Key file: ${{ env.PUBKEY }}"
- name: Download
if: ${{ success() && env.SKIP_RUN == 0 }}
if: success()
uses: actions/download-artifact@v3
with:
name: linux-package_${{ matrix.type }}_${{ github.event.pull_request.head.sha }}
path: pkgs/

- name: Create RPM folder
if: ${{ success() && env.SKIP_RUN == 0 }}
if: success()
run: |
mkdir ${PKG_FULL}
.github/workflows/rpmrepo/package_prepare.sh "${PKG_FULL}" "linux_${{ matrix.type }}"
- name: Setup gpg keys
if: ${{ success() && env.SKIP_RUN == 0 }}
if: ${{ success() && env.REPO_PRIV_KEY != 0 && env.REPO_KEY != 0 }}
run: |
echo "${{ secrets.REPO_PRIV_KEY }}" > boinc.priv.key
echo "${{ secrets.REPO_KEY }}" > boinc.pub.key
echo "${{ env.REPO_PRIV_KEY }}" > boinc.priv.key
echo "${{ env.REPO_KEY }}" > boinc.pub.key
cp "boinc.pub.key" "${{ env.PUBKEY }}"
- name: Setup test gpg keys
if: ${{ success() && (env.REPO_PRIV_KEY == 0 || env.REPO_KEY == 0) }}
run: |
rm -rf .gnupg
mkdir -m 0700 .gnupg
touch .gnupg/gpg.conf
chmod 600 .gnupg/gpg.conf
tail -n +4 /usr/share/gnupg2/gpg-conf.skel > .gnupg/gpg.conf
cd .gnupg
gpg2 --list-keys
cat >keydetails <<EOF
%echo Generating a basic OpenPGP key
Key-Type: RSA
Key-Length: 2048
Subkey-Type: RSA
Subkey-Length: 2048
Name-Real: User 1
Name-Comment: User 1
Name-Email: user@1.com
Expire-Date: 0
%no-ask-passphrase
%no-protection
%pubring pubring.kbx
%secring trustdb.gpg
# Do a commit here, so that we can later print "done" :-)
%commit
%echo done
EOF
gpg2 --verbose --batch --gen-key keydetails
echo -e "5\ny\n" | gpg2 --command-fd 0 --expert --edit-key user@1.com trust;
gpg2 --list-keys
cp .gnupg/pubring.gpg boinc.pub.key
cp .gnupg/secring. boinc.priv.key
- name: Create RPM Definition
if: ${{ success() && env.SKIP_RUN == 0 }}
if: success()
run: |
# Derive the package dependencies for the selected package / os / release combination selected
PKG_DEPS=$(bash .github/workflows/rpmrepo/package_depends.sh ${{ matrix.os }} linux_${{ matrix.type }})
Expand Down Expand Up @@ -353,7 +377,7 @@ jobs:
echo "------------------------"
- name: Build RPM Package
if: ${{ success() && env.SKIP_RUN == 0 }}
if: success()
run: |
export GPG_TTY=$(tty) # fixes gpg signing
Expand All @@ -364,7 +388,7 @@ jobs:
# keyring prepare
gpg --import "../boinc.pub.key"
gpg --import "../boinc.priv.key"
expect -c 'spawn gpg --edit-key ${{ env.PUBKEY_HASH }} trust quit; send "5\ry\r"; expect eof'
#expect -c 'spawn gpg --edit-key ${{ env.PUBKEY_HASH }} trust quit; send "5\ry\r"; expect eof'
gpg --list-keys
Expand All @@ -390,7 +414,7 @@ jobs:
- name: Upload artifacts
uses: actions/upload-artifact@v3
if: ${{ success() && env.SKIP_RUN == 0 }}
if: success()
with:
name: linux-package_${{ matrix.type }}_${{ matrix.os }}_${{ github.event.pull_request.head.sha }}
path: rpmbuild/RPMS/${{ env.ARCH }}/${{ env.PKG_FULL }}.rpm
Expand All @@ -406,12 +430,12 @@ jobs:
fail-fast: false
steps:
- name: Check if build is running from origin repo
if: ${{ success() && env.AWS_ACCESS_KEY_ID != 0 && env.AWS_SECRET_ACCESS_KEY != 0 }}
if: ${{ success() && env.REPO_PRIV_KEY != 0 && env.REPO_KEY != 0 }}
run: |
echo "SKIP_RUN=0" >> $GITHUB_ENV
- name: Check if build is running from fork
if: ${{ success() && (env.AWS_ACCESS_KEY_ID == 0 || env.AWS_SECRET_ACCESS_KEY == 0) }}
if: ${{ success() && (env.REPO_PRIV_KEY == 0 || env.REPO_KEY == 0) }}
run: |
echo "SKIP_RUN=1" >> $GITHUB_ENV
Expand All @@ -433,8 +457,8 @@ jobs:
- name: Setup GPG keys
if: ${{ success() && env.SKIP_RUN == 0 }}
run: |
echo "${{ secrets.REPO_PRIV_KEY }}" > ${{ github.workspace }}/boinc.priv.key
echo "${{ secrets.REPO_KEY }}" > ${{ github.workspace }}/boinc.pub.key
echo "${{ env.REPO_PRIV_KEY }}" > ${{ github.workspace }}/boinc.priv.key
echo "${{ env.REPO_KEY }}" > ${{ github.workspace }}/boinc.pub.key
cp "${{ github.workspace }}/boinc.pub.key" "${{ github.workspace }}/${{ env.PUBKEY }}"
- name: Download client
Expand All @@ -456,16 +480,15 @@ jobs:
echo "RELEASE_TYPE=${RELEASE_TYPE}" >> $GITHUB_ENV
- name: Check if Release type is nightly
if: ${{ success() && env.SKIP_RUN == 0 && github.ref == 'refs/heads/master' }}
if: ${{ success() && env.SKIP_RUN == 0 && github.ref == 'refs/heads/master' && github.event_name == 'schedule' }}
run: |
RELEASE_TYPE=nightly
echo "RELEASE_TYPE=${RELEASE_TYPE}" >> $GITHUB_ENV
- name: Check if Release type is not set
if: ${{ success() && env.SKIP_RUN == 0 && env.RELEASE_TYPE == 0 }}
run: |
RELEASE_TYPE=nightly
echo "RELEASE_TYPE=${RELEASE_TYPE}" >> $GITHUB_ENV
echo "SKIP_RUN=1" >> $GITHUB_ENV
- name: Update or create the repository using aptly
if: ${{ success() && env.SKIP_RUN == 0 }}
Expand Down Expand Up @@ -503,12 +526,12 @@ jobs:
PUBKEY_HASH: D4460B4F0EEDE2C0662092F640254C9B29853EA6
steps:
- name: Check if build is running from origin repo
if: ${{ success() && env.AWS_ACCESS_KEY_ID != 0 && env.AWS_SECRET_ACCESS_KEY != 0 }}
if: ${{ success() && env.REPO_PRIV_KEY != 0 && env.REPO_KEY != 0 }}
run: |
echo "SKIP_RUN=0" >> $GITHUB_ENV
- name: Check if build is running from fork
if: ${{ success() && (env.AWS_ACCESS_KEY_ID == 0 || env.AWS_SECRET_ACCESS_KEY == 0) }}
if: ${{ success() && (env.REPO_PRIV_KEY == 0 || env.REPO_KEY == 0) }}
run: |
echo "SKIP_RUN=1" >> $GITHUB_ENV
Expand All @@ -527,8 +550,8 @@ jobs:
- name: Setup GPG keys
if: ${{ success() && env.SKIP_RUN == 0 }}
run: |
echo "${{ secrets.REPO_PRIV_KEY }}" > boinc.priv.key
echo "${{ secrets.REPO_KEY }}" > boinc.pub.key
echo "${{ env.REPO_PRIV_KEY }}" > boinc.priv.key
echo "${{ env.REPO_KEY }}" > boinc.pub.key
cp "boinc.pub.key" "${{ env.PUBKEY }}"
# keyring prepare
gpg --import "boinc.pub.key"
Expand All @@ -555,16 +578,15 @@ jobs:
echo "RELEASE_TYPE=${RELEASE_TYPE}" >> $GITHUB_ENV
- name: Check if Release type is nightly
if: ${{ success() && env.SKIP_RUN == 0 && github.ref == 'refs/heads/master' }}
if: ${{ success() && env.SKIP_RUN == 0 && github.ref == 'refs/heads/master' && github.event_name == 'schedule' }}
run: |
RELEASE_TYPE=nightly
echo "RELEASE_TYPE=${RELEASE_TYPE}" >> $GITHUB_ENV
- name: Check if Release type is not set
if: ${{ success() && env.SKIP_RUN == 0 && env.RELEASE_TYPE == 0 }}
run: |
RELEASE_TYPE=nightly
echo "RELEASE_TYPE=${RELEASE_TYPE}" >> $GITHUB_ENV
echo "SKIP_RUN=1" >> $GITHUB_ENV
- name: Update or create the repository
if: ${{ success() && env.SKIP_RUN == 0 }}
Expand Down

0 comments on commit c247a01

Please sign in to comment.