forked from platypush/platypush
Fabio Manganiello
39fb3026bf
The pipeline should check if the latest commit is an automated UI build commit before proceeding with a new build. We need this check in place to prevent pipelines triggered by a push in another pipeline that end up triggering other pipelines until a manual cancel.
306 lines
8 KiB
YAML
306 lines
8 KiB
YAML
---
|
|
kind: pipeline
|
|
type: docker
|
|
name: default
|
|
|
|
volumes:
|
|
- name: docs
|
|
host:
|
|
path: /opt/docs/platypush
|
|
|
|
steps:
|
|
- name: github-mirror
|
|
image: alpine
|
|
environment:
|
|
SSH_PUBKEY:
|
|
from_secret: ssh_pubkey
|
|
SSH_PRIVKEY:
|
|
from_secret: ssh_privkey
|
|
|
|
commands:
|
|
- apk add --update --no-cache git openssh
|
|
- mkdir -p ~/.ssh
|
|
- echo $SSH_PUBKEY > ~/.ssh/id_rsa.pub
|
|
- |
|
|
cat <<EOF > ~/.ssh/id_rsa
|
|
$SSH_PRIVKEY
|
|
EOF
|
|
- chmod 0600 ~/.ssh/id_rsa
|
|
- ssh-keyscan github.com >> ~/.ssh/known_hosts 2>/dev/null
|
|
- git config --global --add safe.directory $PWD
|
|
- git remote add github git@github.com:/BlackLight/platypush.git
|
|
- git pull github master
|
|
- git push --all -v github
|
|
|
|
- name: docs
|
|
image: alpine
|
|
volumes:
|
|
- name: docs
|
|
path: /docs
|
|
|
|
commands:
|
|
- echo "Installing required build dependencies"
|
|
- apk add --update --no-cache make py3-sphinx py3-pip py3-paho-mqtt
|
|
- pip install -U hid sphinx-rtd-theme sphinx-book-theme
|
|
- pip install .
|
|
- mkdir -p /docs/current
|
|
- export APPDIR=$PWD
|
|
- rm -rf "$APPDIR/docs/build"
|
|
- echo "Building the updated documentation"
|
|
- cd "$APPDIR/docs"
|
|
- make html
|
|
- rm -f config*.yaml
|
|
- cd "$APPDIR"
|
|
- echo "Copying the new documentation files to the target folder"
|
|
- mv -v "$APPDIR/docs/build" /docs/new
|
|
- cd /docs
|
|
- mv current old
|
|
- mv new current
|
|
- rm -rf old
|
|
|
|
when:
|
|
event:
|
|
- tag
|
|
|
|
- name: tests
|
|
image: python:3.11-alpine
|
|
commands:
|
|
- apk add --update --no-cache redis
|
|
- apk add --update --no-cache --virtual build-base g++ rust
|
|
- pip install -U pip
|
|
- pip install .
|
|
- pip install -r requirements-tests.txt
|
|
- apk del build-base g++ rust
|
|
- pytest tests
|
|
|
|
- name: build-ui
|
|
image: node:current-alpine3.18
|
|
|
|
environment:
|
|
SSH_PUBKEY:
|
|
from_secret: ssh_pubkey
|
|
SSH_PRIVKEY:
|
|
from_secret: ssh_privkey
|
|
PGP_KEY:
|
|
from_secret: pgp_key
|
|
PGP_KEY_ID:
|
|
from_secret: pgp_key_id
|
|
|
|
when:
|
|
branch:
|
|
- master
|
|
event:
|
|
- push
|
|
|
|
depends_on:
|
|
- tests
|
|
|
|
commands:
|
|
- apk add --update --no-cache git
|
|
- git config --global --add safe.directory $PWD
|
|
- cd platypush/backend/http/webapp
|
|
- |
|
|
if [ $(git log --pretty=oneline $DRONE_COMMIT_AFTER...$DRONE_COMMIT_BEFORE . | wc -l) -eq 0 ]; then
|
|
echo "No UI changes detected, skipping build"
|
|
exit 0
|
|
fi
|
|
|
|
- |
|
|
if [ "$(git log --pretty=format:%s HEAD...HEAD~1)" == "[Automatic] Updated UI files" ]; then
|
|
echo "UI changes have already been committed, skipping build"
|
|
exit 0
|
|
fi
|
|
|
|
- rm -rf node_modules dist
|
|
- npm install
|
|
- npm run build
|
|
- |
|
|
if [ $(git status --porcelain dist | wc -l) -eq 0 ]; then
|
|
echo "No build files have been changed"
|
|
exit 0
|
|
fi
|
|
|
|
- apk add --update --no-cache bash gnupg openssh
|
|
- mkdir -p ~/.ssh
|
|
- |
|
|
cat <<EOF | gpg --import --armor
|
|
$PGP_KEY
|
|
EOF
|
|
|
|
- echo $SSH_PUBKEY > ~/.ssh/id_rsa.pub
|
|
- |
|
|
cat <<EOF > ~/.ssh/id_rsa
|
|
$SSH_PRIVKEY
|
|
EOF
|
|
- chmod 0600 ~/.ssh/id_rsa
|
|
- ssh-keyscan git.platypush.tech >> ~/.ssh/known_hosts 2>/dev/null
|
|
|
|
- git config user.name "Platypush CI/CD Automation"
|
|
- git config user.email "admin@platypush.tech"
|
|
- git config commit.gpgsign true
|
|
- git config user.signingkey $PGP_KEY_ID
|
|
- git add dist
|
|
- git commit dist -S -m "[Automatic] Updated UI files" --no-verify
|
|
- git remote rm origin
|
|
- git remote add origin git@git.platypush.tech:platypush/platypush.git
|
|
- git push origin master
|
|
|
|
- name: update-arch-packages
|
|
image: python:3.11-alpine
|
|
environment:
|
|
WORKDIR: /tmp/workdir
|
|
SSH_PUBKEY:
|
|
from_secret: ssh_pubkey
|
|
SSH_PRIVKEY:
|
|
from_secret: ssh_privkey
|
|
|
|
when:
|
|
branch:
|
|
- master
|
|
event:
|
|
- push
|
|
|
|
depends_on:
|
|
- build-ui
|
|
|
|
commands:
|
|
- echo "-- Installing dependencies"
|
|
- apk add --update --no-cache curl git openssh pacman sudo
|
|
|
|
- echo "--- Parsing metadata"
|
|
- git config --global --add safe.directory $PWD
|
|
- git pull origin master --tags
|
|
- export VERSION=$(python setup.py --version)
|
|
- export HEAD=$(git log | head -1 | awk '{printf "%.8s", $2}')
|
|
- export GIT_VERSION="$VERSION.r$(git log --pretty=oneline HEAD...v$VERSION | wc -l).$HEAD"
|
|
- export TAG_URL="https://git.platypush.tech/platypush/platypush/archive/v$VERSION.tar.gz"
|
|
- export TAG_ARCHIVE="platypush-$VERSION.tar.gz"
|
|
- export CHECKSUM=$(curl --silent https://git.platypush.tech/platypush/platypush/archive/master.tar.gz | sha512sum | awk '{print $1}')
|
|
|
|
- echo "--- Preparing environment"
|
|
- mkdir -p ~/.ssh
|
|
- echo $SSH_PUBKEY > ~/.ssh/id_rsa.pub
|
|
- |
|
|
cat <<EOF > ~/.ssh/id_rsa
|
|
$SSH_PRIVKEY
|
|
EOF
|
|
- chmod 0600 ~/.ssh/id_rsa
|
|
- ssh-keyscan git.platypush.tech >> ~/.ssh/known_hosts 2>/dev/null
|
|
- ssh-keyscan aur.archlinux.org >> ~/.ssh/known_hosts 2>/dev/null
|
|
- adduser -u 1000 -D build
|
|
- mkdir -p $WORKDIR
|
|
|
|
- echo "--- Updating Arch git version"
|
|
- export PKGDIR=$WORKDIR/git
|
|
- git clone ssh://aur@aur.archlinux.org/platypush-git.git $PKGDIR
|
|
- git config --global --add safe.directory $PKGDIR
|
|
- chown -R build $PKGDIR
|
|
- cd $PKGDIR
|
|
- |
|
|
sed -i 'PKGBUILD' -r \
|
|
-e "s/^pkgver=.*/pkgver=$GIT_VERSION/" \
|
|
-e "s/^pkgrel=.*/pkgrel=1/" \
|
|
-e "s/^sha512sums=.*/sha512sums=('$CHECKSUM')/"
|
|
- sudo -u build makepkg --printsrcinfo > .SRCINFO
|
|
- export FILES_CHANGED=$(git status --porcelain --untracked-files=no | wc -l)
|
|
- |
|
|
if [ $FILES_CHANGED -gt 0 ]; then
|
|
echo "--- Pushing git package version $GIT_VERSION"
|
|
git commit -a -m '[Automatic] Package update'
|
|
git push origin master
|
|
fi
|
|
|
|
- echo "--- Updating Arch stable version"
|
|
- export PKGDIR=$WORKDIR/stable
|
|
- git clone ssh://aur@aur.archlinux.org/platypush.git $PKGDIR
|
|
- git config --global --add safe.directory $PKGDIR
|
|
- chown -R build $PKGDIR
|
|
- cd $PKGDIR
|
|
- export RELEASED_VERSION=$(grep -e '^pkgver=' PKGBUILD | sed -r -e 's/^pkgver=(.*)\s*/\1/')
|
|
- |
|
|
if [ "$RELEASED_VERSION" == "$VERSION" ]; then
|
|
exit 0
|
|
fi
|
|
|
|
- export TAG_CHECKSUM=$(curl --silent "$TAG_URL" | sha512sum | awk '{print $1}')
|
|
- |
|
|
sed -i 'PKGBUILD' -r \
|
|
-e "s/^pkgver=.*/pkgver=$VERSION/" \
|
|
-e "s/^pkgrel=.*/pkgrel=1/" \
|
|
-e "s/^sha512sums=.*/sha512sums=('$TAG_CHECKSUM')/"
|
|
|
|
- sudo -u build makepkg --printsrcinfo > .SRCINFO
|
|
- export FILES_CHANGED=$(git status --porcelain --untracked-files=no | wc -l)
|
|
- |
|
|
if [ $FILES_CHANGED -gt 0 ]; then
|
|
echo "--- Pushing stable package version $VERSION"
|
|
git commit -a -m '[Automatic] Package update'
|
|
git push origin master
|
|
fi
|
|
|
|
- name: update-pip-package
|
|
image: python:3.11-alpine
|
|
environment:
|
|
TWINE_USERNAME:
|
|
from_secret: pypi_user
|
|
TWINE_PASSWORD:
|
|
from_secret: pypi_pass
|
|
|
|
when:
|
|
event:
|
|
- tag
|
|
|
|
depends_on:
|
|
- tests
|
|
- docs
|
|
|
|
commands:
|
|
- apk add --update --no-cache py3-twine
|
|
- python setup.py sdist bdist_wheel
|
|
- twine upload dist/platypush-$(python setup.py --version).tar.gz
|
|
|
|
- name: notify-release
|
|
image: python:3.11-alpine
|
|
environment:
|
|
WORKER_RPC_SECRET:
|
|
from_secret: worker_rpc_secret
|
|
|
|
when:
|
|
event:
|
|
- tag
|
|
|
|
depends_on:
|
|
- update-pip-package
|
|
- update-arch-packages
|
|
|
|
commands:
|
|
- apk add --update --no-cache curl
|
|
- |
|
|
curl --silent -XPOST \
|
|
-H "X-Token: $WORKER_RPC_SECRET" \
|
|
"https://worker.ci-cd.platypush.tech/hook/notify-platypush-release?version=$(python setup.py --version)"
|
|
|
|
- name: notify-build-status
|
|
image: alpine
|
|
environment:
|
|
WORKER_RPC_SECRET:
|
|
from_secret: worker_rpc_secret
|
|
|
|
when:
|
|
branch:
|
|
- master
|
|
event:
|
|
- push
|
|
status:
|
|
- success
|
|
- failure
|
|
|
|
depends_on:
|
|
- update-arch-packages
|
|
|
|
commands:
|
|
- apk add --update --no-cache curl
|
|
- |
|
|
curl --silent -XPOST \
|
|
-H "X-Token: $WORKER_RPC_SECRET" \
|
|
"https://worker.ci-cd.platypush.tech/hook/notify-platypush-build?status=$DRONE_BUILD_STATUS"
|