From da9933db45cf6521c77f40fcfb4069c8a5c2eb11 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Roth?= Date: Thu, 11 Apr 2024 22:10:28 +0200 Subject: [PATCH] github CI: nightly builds for multiple distributions Since the pipeline changed to use ucuntu22.04 runners, the nighty debian packages do not work on debian buster anymore. This change updates the pipeline to build for Ubuntu 20.04 and 22.04 as well as for Debian 10, 11 and 12. The distribution specific apt sources are as follows: "deb http://repo.aptly.info/nightly-bookworm bookworm main" (replace bookworm with focal, buster, bullseye. Install aptly repo key with: curl -fsS https://www.aptly.info/pubkey.txt | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/aptly.gpg) The builds on focal will also release to the legacy nightly apt repo: https://github.com/aptly-dev/aptly/actions/runs/8723898496/job/23933824692#step:7:24 This only affects nightly builds, for now. Pipeline example: [](https://github.com/aptly-dev/aptly/actions/runs/8723898496) --- .github/workflows/ci.yml | 61 ++++++++++++++++++++++------- upload-artifacts.sh | 84 +++++++++++++++++++++++++++++++--------- 2 files changed, 114 insertions(+), 31 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 76659d69b..74f256df6 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -89,19 +89,61 @@ jobs: files: coverage.txt release: - name: release needs: build - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + name: [Ubuntu-20, Ubuntu-22, Debian-10, Debian-11, Debian-12] + include: + - name: Ubuntu-20 + image: "ubuntu:20.04" + suite: focal + GOVER: '1.21' + install: "make ca-certificates git curl" + - name: Ubuntu-22 + image: "ubuntu:22.04" + suite: jammy + install: "make ca-certificates git curl golang" + - name: Debian-10 + image: "debian:buster" + suite: buster + GOVER: '1.21' + install: "make ca-certificates git curl" + - name: Debian-11 + image: "debian:bullseye" + suite: bullseye + GOVER: '1.21' + install: "make ca-certificates git curl" + - name: Debian-12 + image: "debian:bookworm" + suite: bookworm + install: "make ca-certificates git curl golang" + container: + image: ${{ matrix.image }} + env: + APT_LISTCHANGES_FRONTEND: none + DEBIAN_FRONTEND: noninteractive steps: + - name: Install O/S packages + run: | + apt-get update + apt-get install -y --no-install-recommends ${{ matrix.install }} + git config --global --add safe.directory "$GITHUB_WORKSPACE" + echo GOVER: ${{ env.GOVER }} + - name: Checkout repository uses: actions/checkout@v3 with: - # fetch the whole repot for `git describe` to + # fetch the whole repo for `git describe` to # work and get the nightly verion fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@v4 + if: ${{ matrix.GOVER != '' }} + uses: actions/setup-go@v3 + with: + go-version: ${{ matrix.GOVER }} - name: Make Release env: @@ -115,7 +157,7 @@ jobs: APTLY_USER: ${{ secrets.APTLY_USER }} APTLY_PASSWORD: ${{ secrets.APTLY_PASSWORD }} run: | - ./upload-artifacts.sh nightly + ./upload-artifacts.sh nightly ${{ matrix.suite }} - name: Publish release to aptly if: startsWith(github.event.ref, 'refs/tags') @@ -123,11 +165,4 @@ jobs: APTLY_USER: ${{ secrets.APTLY_USER }} APTLY_PASSWORD: ${{ secrets.APTLY_PASSWORD }} run: | - ./upload-artifacts.sh release - - - name: Upload artifacts to GitHub Release - if: startsWith(github.event.ref, 'refs/tags') - uses: softprops/action-gh-release@v1 - with: - body: Release ${{ github.ref }} generated by the CI. - files: build/* + ./upload-artifacts.sh release ${{ matrix.suite }} diff --git a/upload-artifacts.sh b/upload-artifacts.sh index 3a47db3f5..1c7d1c0d4 100755 --- a/upload-artifacts.sh +++ b/upload-artifacts.sh @@ -10,33 +10,83 @@ aptly_password="$APTLY_PASSWORD" aptly_api="https://aptly-ops.aptly.info" version=`make version` -echo "Publishing version '$version' to $1..." +action=$1 +dist=$2 -for file in $packages; do - echo "Uploading $file..." - curl -fsS -X POST -F "file=@$file" -u $aptly_user:$aptly_password ${aptly_api}/api/files/$folder +usage() { + echo "Usage: $0 nighly jammy|focal|bookworm" >&2 + echo " $0 release" >&2 +} + +if [ -z "$action" ]; then + usage + exit 1 +fi + +if [ "action" = "nightly" ] && [ -z "$dist" ]; then + usage + exit 1 +fi + +echo "Publishing version '$version' to $action for $dist...\n" + +upload() +{ + echo "\nUploading files:" + for file in $packages; do + echo " - $file" + curl -fsS -X POST -F "file=@$file" -u $aptly_user:$aptly_password ${aptly_api}/api/files/$folder + done echo -done +} +cleanup() { + echo "\nCleanup..." + curl -fsS -X DELETE -u $aptly_user:$aptly_password ${aptly_api}/api/files/$folder + echo +} +trap cleanup EXIT -if [ "$1" = "nightly" ]; then +if [ "$action" = "nightly" ]; then if echo "$version" | grep -vq "+"; then # skip nightly when on release tag exit 0 fi - aptly_repository=aptly-nightly - aptly_published=s3:repo.aptly.info:./nightly + aptly_repository=aptly-nightly-$dist + aptly_published=s3:repo.aptly.info:nightly-$dist + + upload - echo "Adding packages to $aptly_repository..." + echo "\nAdding packages to $aptly_repository ..." curl -fsS -X POST -u $aptly_user:$aptly_password ${aptly_api}/api/repos/$aptly_repository/file/$folder echo - echo "Updating published repo..." + echo "\nUpdating published repo $aptly_published ..." curl -fsS -X PUT -H 'Content-Type: application/json' --data \ - '{"AcquireByHash": true, "Signing": {"Batch": true, "Keyring": "aptly.repo/aptly.pub", - "secretKeyring": "aptly.repo/aptly.sec", "PassphraseFile": "aptly.repo/passphrase"}}' \ - -u $aptly_user:$aptly_password ${aptly_api}/api/publish/$aptly_published + '{"AcquireByHash": true, + "Signing": {"Batch": true, "Keyring": "aptly.repo/aptly.pub", "secretKeyring": "aptly.repo/aptly.sec", "PassphraseFile": "aptly.repo/passphrase"}}' \ + -u $aptly_user:$aptly_password ${aptly_api}/api/publish/$aptly_published/$dist echo + + if [ $dist = "focal" ]; then + echo "\nUpdating legacy nightly repo..." + + aptly_repository=aptly-nightly + aptly_published=s3:repo.aptly.info:./nightly + + upload + + echo "\nAdding packages to $aptly_repository ..." + curl -fsS -X POST -u $aptly_user:$aptly_password ${aptly_api}/api/repos/$aptly_repository/file/$folder + echo + + echo "\nUpdating published repo $aptly_published ..." + curl -fsS -X PUT -H 'Content-Type: application/json' --data \ + '{"AcquireByHash": true, "Signing": {"Batch": true, "Keyring": "aptly.repo/aptly.pub", + "secretKeyring": "aptly.repo/aptly.sec", "PassphraseFile": "aptly.repo/passphrase"}}' \ + -u $aptly_user:$aptly_password ${aptly_api}/api/publish/$aptly_published + echo + fi fi if [ "$1" = "release" ]; then @@ -44,16 +94,16 @@ if [ "$1" = "release" ]; then aptly_snapshot=aptly-$version aptly_published=s3:repo.aptly.info:./squeeze - echo "Adding packages to $aptly_repository..." + echo "\nAdding packages to $aptly_repository..." curl -fsS -X POST -u $aptly_user:$aptly_password ${aptly_api}/api/repos/$aptly_repository/file/$folder echo - echo "Creating snapshot $aptly_snapshot from repo $aptly_repository..." + echo "\nCreating snapshot $aptly_snapshot from repo $aptly_repository..." curl -fsS -X POST -u $aptly_user:$aptly_password -H 'Content-Type: application/json' --data \ "{\"Name\":\"$aptly_snapshot\"}" ${aptly_api}/api/repos/$aptly_repository/snapshots echo - echo "Switching published repo to use snapshot $aptly_snapshot..." + echo "\nSwitching published repo $aptly_published to use snapshot $aptly_snapshot..." curl -fsS -X PUT -H 'Content-Type: application/json' --data \ "{\"AcquireByHash\": true, \"Snapshots\": [{\"Component\": \"main\", \"Name\": \"$aptly_snapshot\"}], \"Signing\": {\"Batch\": true, \"Keyring\": \"aptly.repo/aptly.pub\", @@ -62,5 +112,3 @@ if [ "$1" = "release" ]; then echo fi -curl -fsS -X DELETE -u $aptly_user:$aptly_password ${aptly_api}/api/files/$folder -echo