---
kind: pipeline
type: docker
name: default
volumes:
- name: docs
host:
path: /opt/docs/platypush
steps:
###
### Mirror the current repository state to Github
###
- name: github-mirror
image: alpine
environment:
SSH_PUBKEY:
from_secret: ssh_pubkey
SSH_PRIVKEY:
from_secret: ssh_privkey
commands:
- apk add --update --no-cache git openssh
- mkdir -p ~/.ssh
- echo $SSH_PUBKEY > ~/.ssh/id_rsa.pub
- |
cat <<EOF > ~/.ssh/id_rsa
$SSH_PRIVKEY
EOF
- chmod 0600 ~/.ssh/id_rsa
- ssh-keyscan github.com >> ~/.ssh/known_hosts 2>/dev/null
- git config --global --add safe.directory $PWD
- git remote add github git@github.com:/BlackLight/platypush.git
- git pull --rebase github "$(git branch | head -1 | awk '{print $2}')" || echo "No such branch on Github"
- git push --all -v github
###
### Synchronize the `stable` branch to the new release
###
- name: sync-stable-branch
image: alpine
environment:
SSH_PUBKEY:
from_secret: ssh_pubkey
SSH_PRIVKEY:
from_secret: ssh_privkey
PGP_KEY:
from_secret: pgp_key
PGP_KEY_ID:
from_secret: pgp_key_id
commands:
- apk add --update --no-cache git bash gnupg openssh
# Backup the original git configuration before changing attributes
- export GIT_CONF=$PWD/.git/config
- cp $GIT_CONF /tmp/git.config.orig
- git config --global --add safe.directory $PWD
# Install the SSH and PGP keys
- mkdir -p ~/.ssh
- |
cat <<EOF | gpg --import --armor
$PGP_KEY
EOF
- echo $SSH_PUBKEY > ~/.ssh/id_rsa.pub
- |
cat <<EOF > ~/.ssh/id_rsa
$SSH_PRIVKEY
EOF
- chmod 0600 ~/.ssh/id_rsa
- ssh-keyscan git.platypush.tech >> ~/.ssh/known_hosts 2>/dev/null
# Git configuration
- git config user.name "Platypush CI/CD Automation"
- git config user.email "admin@platypush.tech"
- git config commit.gpgsign true
- git config user.signingkey $PGP_KEY_ID
- git remote rm origin
- git remote add origin git@git.platypush.tech:platypush/platypush.git
# Merge and push to the `stable` branch
- git checkout stable
- git rebase master
- git push -u origin stable
- git checkout master
# Restore the original git configuration
- mv /tmp/git.config.orig $GIT_CONF
when:
event:
- tag
###
### Rebuild the docs
###
- name: docs
image: alpine
volumes:
- name: docs
path: /docs
commands:
- echo "Installing required build dependencies"
- apk add --update --no-cache make py3-sphinx py3-pip py3-paho-mqtt $(cat platypush/install/requirements/alpine.txt)
- pip install -U hid sphinx-rtd-theme sphinx-book-theme
- pip install .
- mkdir -p /docs/current
- export APPDIR=$PWD
- rm -rf "$APPDIR/docs/build"
- echo "Building the updated documentation"
- cd "$APPDIR/docs"
- make html
- rm -f config*.yaml
- cd "$APPDIR"
- echo "Copying the new documentation files to the target folder"
- mv -v "$APPDIR/docs/build" /docs/new
- cd /docs
- mv current old
- mv new current
- rm -rf old
when:
event:
- tag
depends_on:
- sync-stable-branch
###
### Run the tests
###
- name: tests
image: alpine
commands:
- apk add --update --no-cache $(cat platypush/install/requirements/alpine.txt)
- pip install .
- pip install -r requirements-tests.txt
- pytest tests
###
### Rebuild the UI files
###
- name: build-ui
image: node:current-alpine3.18
environment:
SSH_PUBKEY:
from_secret: ssh_pubkey
SSH_PRIVKEY:
from_secret: ssh_privkey
PGP_KEY:
from_secret: pgp_key
PGP_KEY_ID:
from_secret: pgp_key_id
when:
branch:
- master
event:
- push
depends_on:
- tests
commands:
- apk add --update --no-cache git
# Backup the original git configuration before changing attributes
- export GIT_CONF=$PWD/.git/config
- cp $GIT_CONF /tmp/git.config.orig
- git config --global --add safe.directory $PWD
- cd platypush/backend/http/webapp
- |
if [ $(git log --pretty=oneline $DRONE_COMMIT_AFTER...$DRONE_COMMIT_BEFORE . | wc -l) -eq 0 ]; then
echo "No UI changes detected, skipping build"
exit 0
fi
- |
if [ "$(git log --pretty=format:%s HEAD...HEAD~1 | head -1)" == "[Automatic] Updated UI files" ]; then
echo "UI changes have already been committed, skipping build"
exit 0
fi
- rm -rf node_modules
- npm install
- npm run build
- |
if [ $(git status --porcelain dist | wc -l) -eq 0 ]; then
echo "No build files have been changed"
exit 0
fi
- apk add --update --no-cache bash gnupg openssh
- mkdir -p ~/.ssh
- |
cat <<EOF | gpg --import --armor
$PGP_KEY
EOF
- echo $SSH_PUBKEY > ~/.ssh/id_rsa.pub
- |
cat <<EOF > ~/.ssh/id_rsa
$SSH_PRIVKEY
EOF
- chmod 0600 ~/.ssh/id_rsa
- ssh-keyscan git.platypush.tech >> ~/.ssh/known_hosts 2>/dev/null
- git config user.name "Platypush CI/CD Automation"
- git config user.email "admin@platypush.tech"
- git config commit.gpgsign true
- git config user.signingkey $PGP_KEY_ID
- git add dist
- git commit dist -S -m "[Automatic] Updated UI files" --no-verify
- git remote rm origin
- git remote add origin git@git.platypush.tech:platypush/platypush.git
- git push -f origin master
# Restore the original git configuration
- mv /tmp/git.config.orig $GIT_CONF
###
### Update the Arch packages
###
- name: update-arch-packages
image: python:3.11-alpine
environment:
WORKDIR: /tmp/workdir
SSH_PUBKEY:
from_secret: ssh_pubkey
SSH_PRIVKEY:
from_secret: ssh_privkey
when:
branch:
- master
event:
- push
depends_on:
- build-ui
commands:
- echo "-- Installing dependencies"
- apk add --update --no-cache curl git openssh pacman sudo
- echo "--- Parsing metadata"
- git config --global --add safe.directory $PWD
- git pull --rebase origin master --tags
- export VERSION=$(python setup.py --version)
- export HEAD=$(git log --pretty=format:%h HEAD...HEAD~1 | head -1)
- export GIT_VERSION="$VERSION.r$(git log --pretty=oneline HEAD...v$VERSION | wc -l).$HEAD"
- export TAG_URL="https://git.platypush.tech/platypush/platypush/archive/v$VERSION.tar.gz"
- echo "--- Preparing environment"
- mkdir -p ~/.ssh
- echo $SSH_PUBKEY > ~/.ssh/id_rsa.pub
- |
cat <<EOF > ~/.ssh/id_rsa
$SSH_PRIVKEY
EOF
- chmod 0600 ~/.ssh/id_rsa
- ssh-keyscan git.platypush.tech >> ~/.ssh/known_hosts 2>/dev/null
- ssh-keyscan aur.archlinux.org >> ~/.ssh/known_hosts 2>/dev/null
- adduser -u 1000 -D build
- mkdir -p $WORKDIR
- echo "--- Updating Arch git version"
- export PKGDIR=$WORKDIR/git
- git clone ssh://aur@aur.archlinux.org/platypush-git.git $PKGDIR
- git config --global --add safe.directory $PKGDIR
- chown -R build $PKGDIR
- cd $PKGDIR
- |
sed -i 'PKGBUILD' -r \
-e "s/^pkgver=.*/pkgver=$GIT_VERSION/" \
-e "s/^pkgrel=.*/pkgrel=1/" \
- sudo -u build makepkg --printsrcinfo > .SRCINFO
- export FILES_CHANGED=$(git status --porcelain --untracked-files=no | wc -l)
- |
if [ $FILES_CHANGED -gt 0 ]; then
echo "--- Pushing git package version $GIT_VERSION"
git commit -a -m '[Automatic] Package update'
git push origin master
fi
- echo "--- Updating Arch stable version"
- export PKGDIR=$WORKDIR/stable
- git clone ssh://aur@aur.archlinux.org/platypush.git $PKGDIR
- git config --global --add safe.directory $PKGDIR
- chown -R build $PKGDIR
- cd $PKGDIR
- export RELEASED_VERSION=$(grep -e '^pkgver=' PKGBUILD | sed -r -e 's/^pkgver=(.*)\s*/\1/')
- |
if [ "$RELEASED_VERSION" == "$VERSION" ]; then
exit 0
fi
- export TAG_CHECKSUM=$(curl --silent "$TAG_URL" | sha512sum | awk '{print $1}')
- |
sed -i 'PKGBUILD' -r \
-e "s/^pkgver=.*/pkgver=$VERSION/" \
-e "s/^pkgrel=.*/pkgrel=1/" \
-e "s/^sha512sums=.*/sha512sums=('$TAG_CHECKSUM')/"
- sudo -u build makepkg --printsrcinfo > .SRCINFO
- export FILES_CHANGED=$(git status --porcelain --untracked-files=no | wc -l)
- |
if [ $FILES_CHANGED -gt 0 ]; then
echo "--- Pushing stable package version $VERSION"
git commit -a -m '[Automatic] Package update'
git push origin master
fi
###
### Update the Debian (stable) packages
###
- name: update-debian-stable-packages
image: debian:stable
privileged: true # Required to use the FUSE module for s3fs
environment:
DEB_VERSION: stable
WORKDIR: /tmp/workdir
PKG_NAME: platypush
S3_BUCKET: platypush-pkg
BUCKET_MNT: /mnt/s3
AWS_ENDPOINT_URL: https://s3.nl-ams.scw.cloud
AWS_DEFAULT_REGION: nl-ams
AWS_ACCESS_KEY_ID:
from_secret: aws_access_key_id
AWS_SECRET_ACCESS_KEY:
from_secret: aws_secret_access_key
when:
branch:
- master
event:
- push
depends_on:
- build-ui
commands:
- echo "-- Installing dependencies"
- apt update
- apt install -y curl dpkg-dev gpg git python3 python3-pip s3fs
- echo "-- Copying source directory"
- mkdir -p "$WORKDIR"
- export SRCDIR="$WORKDIR/src"
- cp -r "$PWD" "$SRCDIR"
- cd "$SRCDIR"
- echo "--- Parsing metadata"
- git config --global --add safe.directory $PWD
- git pull --rebase origin master --tags
- export VERSION=$(python3 setup.py --version)
- export GIT_VERSION="$VERSION-$(( $(git log --pretty=oneline HEAD...v$VERSION | wc -l) + 1))"
- export GIT_BUILD_DIR="$WORKDIR/$${PKG_NAME}_$${GIT_VERSION}_all"
- export GIT_DEB="$WORKDIR/$${PKG_NAME}_$${GIT_VERSION}_all.deb"
- echo "--- Building git package"
- pip install --prefix="$GIT_BUILD_DIR/usr" --no-cache --no-deps .
- |
find "$GIT_BUILD_DIR" -name "site-packages" | while read dir; do
base="$(dirname "$dir")"
mv "$dir" "$base/dist-packages"
done
- mkdir -p "$GIT_BUILD_DIR/DEBIAN"
- |
cat <<EOF > "$GIT_BUILD_DIR/DEBIAN/control"
Package: $PKG_NAME
Version: $GIT_VERSION
Maintainer: Fabio Manganiello <fabio@platypush.tech>
Depends: $(cat platypush/install/requirements/debian.txt | tr '\n' ',' | sed -re 's/,$//' -e 's/,/, /g')
Architecture: all
Homepage: https://platypush.tech
Description: Universal command executor and automation hub.
EOF
- dpkg --build "$GIT_BUILD_DIR"
- echo "-- Mounting the S3 bucket"
- mkdir -p "$BUCKET_MNT"
- s3fs "$S3_BUCKET" "$BUCKET_MNT" -o url="$AWS_ENDPOINT_URL"
- export APT_ROOT="$BUCKET_MNT/apt"
- echo "--- Pushing package to the S3 bucket"
- mkdir -p "$APT_ROOT/pool/$DEB_VERSION/dev"
- cp "$GIT_DEB" "$APT_ROOT/pool/$DEB_VERSION/dev/"
# If main/all/Packages doesn't exist, then we should create the first main release
- export PKGURL="https://apt.platypush.tech/dists/$DEB_VERSION/main/all/Packages"
- |
[ -z "$UPDATE_STABLE_PKG" ] &&
curl -ILs -o /dev/null -w "%{http_code}" "$PKGURL" |
grep -e '^4' >/dev/null && export UPDATE_STABLE_PKG=1
# If the published release version differs from the current one, then we should publish a new main release
- |
if [ -z "$UPDATE_STABLE_PKG" ]; then
RELEASED_VERSION=$(curl -s "$PKGURL" | grep -e '^Version: ' | head -1 | awk '{print $2}' | cut -d- -f 1)
[ "$RELEASED_VERSION" != "$VERSION" ] && export UPDATE_STABLE_PKG=1
fi
# Don't proceed and update the main release if it hasn't changed
- |
if [ -z "$UPDATE_STABLE_PKG" ]; then
exit 0
fi
- echo "--- Updating main package"
- mkdir -p "$APT_ROOT/pool/$DEB_VERSION/main"
- cp "$GIT_DEB" "$APT_ROOT/pool/$DEB_VERSION/main/$${PKG_NAME}_$${VERSION}-1_all.deb"
###
### Update the Debian (oldstable) packages
###
- name: update-debian-oldstable-packages
image: debian:oldstable
environment:
DEB_VERSION: oldstable
WORKDIR: /tmp/workdir
PKG_NAME: platypush
S3_URL: s3://platypush-pkg/apt
AWS_ENDPOINT_URL: https://s3.nl-ams.scw.cloud
AWS_DEFAULT_REGION: nl-ams
AWS_ACCESS_KEY_ID:
from_secret: aws_access_key_id
AWS_SECRET_ACCESS_KEY:
from_secret: aws_secret_access_key
when:
branch:
- master
event:
- push
depends_on:
- build-ui
commands:
- echo "-- Copying source directory"
- mkdir -p "$WORKDIR"
- export SRCDIR="$WORKDIR/src"
- cp -r "$PWD" "$SRCDIR"
- cd "$SRCDIR"
- echo "-- Installing dependencies"
- apt update
- apt install -y curl dpkg-dev gpg git python3 python3-pip
- pip install awscli
- echo "--- Parsing metadata"
- git config --global --add safe.directory $PWD
- git pull --rebase origin master --tags
- export VERSION=$(python3 setup.py --version)
- export GIT_VERSION="$VERSION-$(( $(git log --pretty=oneline HEAD...v$VERSION | wc -l) + 1))"
- export GIT_BUILD_DIR="$WORKDIR/$${PKG_NAME}_$${GIT_VERSION}_all"
- export GIT_DEB="$WORKDIR/$${PKG_NAME}_$${GIT_VERSION}_all.deb"
- echo "--- Building git package"
- pip install --prefix="$GIT_BUILD_DIR/usr" --no-cache --no-deps .
- |
find "$GIT_BUILD_DIR" -name "site-packages" | while read dir; do
base="$(dirname "$dir")"
mv "$dir" "$base/dist-packages"
done
- mkdir -p "$GIT_BUILD_DIR/DEBIAN"
- |
cat <<EOF > "$GIT_BUILD_DIR/DEBIAN/control"
Package: $PKG_NAME
Version: $GIT_VERSION
Maintainer: Fabio Manganiello <fabio@platypush.tech>
Depends: $(cat platypush/install/requirements/debian.txt | tr '\n' ',' | sed -re 's/,$//' -e 's/,/, /g')
Architecture: all
Homepage: https://platypush.tech
Description: Universal command executor and automation hub.
EOF
- dpkg --build "$GIT_BUILD_DIR"
- echo "--- Pushing package to the S3 bucket"
- aws s3 cp "$GIT_DEB" "$S3_URL/pool/$DEB_VERSION/dev/"
# If main/all/Packages doesn't exist, then we should create the first main release
- export PKGURL="https://apt.platypush.tech/dists/$DEB_VERSION/main/all/Packages"
- |
[ -z "$UPDATE_STABLE_PKG" ] &&
curl -ILs -o /dev/null -w "%{http_code}" "$PKGURL" |
grep -e '^4' >/dev/null && export UPDATE_STABLE_PKG=1
# If the published release version differs from the current one, then we should publish a new main release
- |
if [ -z "$UPDATE_STABLE_PKG" ]; then
RELEASED_VERSION=$(curl -s "$PKGURL" | grep -e '^Version: ' | head -1 | awk '{print $2}' | cut -d- -f 1)
[ "$RELEASED_VERSION" != "$VERSION" ] && export UPDATE_STABLE_PKG=1
fi
# Don't proceed and update the main release if it hasn't changed
- |
if [ -z "$UPDATE_STABLE_PKG" ]; then
exit 0
fi
- echo "--- Updating main package"
- mkdir -p "$APT_ROOT/pool/$DEB_VERSION/main"
- cp "$GIT_DEB" "$APT_ROOT/pool/$DEB_VERSION/main/$${PKG_NAME}_$${VERSION}-1_all.deb"
###
### Updates the APT repository after new packages have been pushed
###
- name: update-apt-repo
image: debian:stable
privileged: true # Required to use the FUSE module for s3fs
environment:
S3_BUCKET: platypush-pkg
BUCKET_MNT: /mnt/s3
AWS_ENDPOINT_URL: https://s3.nl-ams.scw.cloud
AWS_DEFAULT_REGION: nl-ams
AWS_ACCESS_KEY_ID:
from_secret: aws_access_key_id
AWS_SECRET_ACCESS_KEY:
from_secret: aws_secret_access_key
PGP_PUBKEY:
from_secret: apt_pgp_pub_key
PGP_PRIVKEY:
from_secret: apt_pgp_priv_key
when:
branch:
- master
event:
- push
depends_on:
- update-debian-stable-packages
- update-debian-oldstable-packages
commands:
- echo "-- Installing dependencies"
- apt update
- apt install -y s3fs dpkg-dev gpg
- echo "-- Mounting the S3 bucket"
- mkdir -p "$BUCKET_MNT"
- s3fs "$S3_BUCKET" "$BUCKET_MNT" -o url="$AWS_ENDPOINT_URL"
- export APT_ROOT="$BUCKET_MNT/apt"
- mkdir -p "$APT_ROOT"
- echo "-- Creating a new apt root folder"
- export TMP_APT_ROOT="/tmp/apt"
- cp -r "$APT_ROOT" "$TMP_APT_ROOT"
- echo "-- Cleaning up older apt releases"
- |
find "$TMP_APT_ROOT/pool" -mindepth 2 -maxdepth 2 -type d | while read reldir; do
pkg_to_remove=$(( $(ls "$reldir"/*.deb | wc -l) - 1 ))
[ $pkg_to_remove -le 0 ] && continue
ls "$reldir"/*.deb | sort -V | head -n$pkg_to_remove | xargs rm -f
done
- echo "-- Updating Packages files"
- |
echo "stable\noldstable" | while read distro; do
echo "main\ndev" | while read branch; do
branch_dir="$TMP_APT_ROOT/pool/$distro/$branch"
[ -d "$branch_dir" ] || continue
dist_dir="$TMP_APT_ROOT/dists/$distro/$branch/all"
mkdir -p "$dist_dir"
pkg_file="$dist_dir/Packages"
dpkg-scanpackages --arch all "$branch_dir" > "$pkg_file"
sed -i "$pkg_file" -re "s|^Filename: $TMP_APT_ROOT/|Filename: |"
cat "$pkg_file" | gzip -9 > "$pkg_file.gz"
done
done
- echo "-- Updating Release files"
- |
add_hashes() {
dist_dir=$1
hash_cmd=$2
hash_label=$3
echo "$hash_label:"
find "$dist_dir" -name 'Packages*' | while read file; do
basename="$(echo "$file" | sed -r -e "s|^$dist_dir/||")"
hash="$($hash_cmd "$file" | cut -d" " -f1)"
size="$(wc -c < $file)"
echo " $hash $size $basename"
echo " $hash $size $(echo $basename | sed -re 's|/all/|/binary-i386/|')"
echo " $hash $size $(echo $basename | sed -re 's|/all/|/binary-amd64/|')"
echo " $hash $size $(echo $basename | sed -re 's|/all/|/binary-armel/|')"
echo " $hash $size $(echo $basename | sed -re 's|/all/|/binary-armhf/|')"
echo " $hash $size $(echo $basename | sed -re 's|/all/|/binary-arm64/|')"
done
}
echo "stable\noldstable" | while read distro; do
dist_dir="$TMP_APT_ROOT/dists/$distro"
components=$(find "$dist_dir" -name Packages | awk -F '/' '{print $(NF-2)}' | uniq | tr '\n' ' ')
release_file="$dist_dir/Release"
cat <<EOF > "$release_file"
Origin: Platypush repository
Label: Platypush
Suite: $distro
Codename: $distro
Architectures: i386 amd64 armel armhf arm64
Components: $components
Description: The official APT repository for Platypush
Date: $(date -Ru)
EOF
add_hashes "$dist_dir" "md5sum" "MD5Sum" >> "$release_file"
add_hashes "$dist_dir" "sha1sum" "SHA1" >> "$release_file"
add_hashes "$dist_dir" "sha256sum" "SHA256" >> "$release_file"
done
- echo "-- Importing and refreshing PGP key"
- echo "$PGP_PUBKEY" > "$TMP_APT_ROOT/pubkey.txt"
- export PGP_KEYID=$(echo "$PGP_PUBKEY" | gpg --with-colons --import-options show-only --import --fingerprint | grep -e '^fpr:' | head -1 | awk -F ':' '{print $(NF - 1)}')
- |
cat <<EOF | gpg --import --armor
$PGP_PRIVKEY
EOF
- echo "-- Signing Release files"
- |
find "$TMP_APT_ROOT/dists" -type f -name Release | while read file; do
dirname="$(dirname "$file")"
cat "$file" | gpg -q --default-key "$PGP_KEYID" -abs > "$file.gpg"
cat "$file" | gpg -q --default-key "$PGP_KEYID" -abs --clearsign > "$dirname/InRelease"
done
- echo "-- Updating the apt repo root on S3"
- export OLD_APT_ROOT="$BUCKET_MNT/oldapt"
- |
if [ ! -d "$OLD_APT_ROOT" ]; then
mv "$APT_ROOT" "$OLD_APT_ROOT"
mv "$TMP_APT_ROOT" "$APT_ROOT"
rm -rf "$OLD_APT_ROOT"
fi
###
### Update the RPM (stable) packages
###
- name: update-rpm-repo
image: fedora
privileged: true # Required to use the FUSE module for s3fs
environment:
RPM_VERSION: stable
WORKDIR: /tmp/workdir
PKG_NAME: platypush
S3_BUCKET: platypush-pkg
BUCKET_MNT: /mnt/s3
AWS_ENDPOINT_URL: https://s3.nl-ams.scw.cloud
AWS_DEFAULT_REGION: nl-ams
AWS_ACCESS_KEY_ID:
from_secret: aws_access_key_id
AWS_SECRET_ACCESS_KEY:
from_secret: aws_secret_access_key
PGP_PUBKEY:
from_secret: rpm_pgp_pub_key
PGP_PRIVKEY:
from_secret: rpm_pgp_priv_key
when:
branch:
- master
event:
- push
depends_on:
- build-ui
commands:
- echo "-- Installing dependencies"
- yum install -y createrepo rpm-build rpm-sign gpg wget yum-utils git python python-pip s3fs-fuse
- echo "-- Copying source directory"
- mkdir -p "$WORKDIR"
- export SRCDIR="$WORKDIR/src"
- cp -r "$PWD" "$SRCDIR"
- cd "$SRCDIR"
- echo "-- Mounting the S3 bucket"
- mkdir -p "$BUCKET_MNT"
- s3fs "$S3_BUCKET" "$BUCKET_MNT" -o url="$AWS_ENDPOINT_URL"
- export RPM_ROOT="$BUCKET_MNT/rpm"
- mkdir -p "$RPM_ROOT"
- echo "--- Parsing metadata"
- git config --global --add safe.directory $PWD
- git pull --rebase origin master --tags
- export VERSION=$(python3 setup.py --version)
- export RELNUM=$(git log --pretty=oneline HEAD...v$VERSION | wc -l)
- export SPECFILE="$WORKDIR/$PKG_NAME.spec"
- export BUILD_DIR="$WORKDIR/build"
- export TMP_RPM_ROOT="$WORKDIR/repo"
- export SRC_URL="https://git.platypush.tech/platypush/platypush/archive/master.tar.gz"
- echo "--- Creating git package spec"
- |
cat <<EOF > $SPECFILE
Summary: Universal command executor and automation hub.
Name: $PKG_NAME-git
Version: $VERSION
Release: $RELNUM
URL: https://platypush.tech
Group: System
License: MIT
Packager: Fabio Manganiello <fabio@platypush.tech>
Source: $SRC_URL
Requires: $(cat platypush/install/requirements/fedora.txt | tr '\n' ' ')
Conflicts: $PKG_NAME
Prefix: %{_prefix}
BuildRoot: %{_tmppath}/%{name}-root
%description
Universal command executor and automation hub.
%install
mkdir -p %{buildroot}/
cp -r "$BUILD_DIR"/* %{buildroot}/
%clean
%files
/usr/bin/*
/usr/lib/python$(python3 --version | awk '{print $2}' | cut -d. -f 1,2)/site-packages/platypush
/usr/lib/python$(python3 --version | awk '{print $2}' | cut -d. -f 1,2)/site-packages/platypush-$VERSION.dist-info
%changelog
* $(date +'%a %b %d %Y') admin <admin@platypush.tech>
- [Automatic] Release $VERSION-$RELNUM
EOF
- echo "--- Building git package"
- mkdir -p "$BUILD_DIR"
- pip install --prefix="$BUILD_DIR/usr" --no-cache --no-deps .
- rpmbuild --target "noarch" -bb "$SPECFILE"
- echo "--- Copying the new RPM package"
- mkdir -p "$TMP_RPM_ROOT"
- cp "$HOME/rpmbuild/RPMS/noarch/$PKG_NAME-git-$VERSION-$RELNUM.noarch.rpm" "$TMP_RPM_ROOT"
- echo "--- Checking the latest released stable version"
- export LATEST_STABLE_PKG=$(ls -rt "$RPM_ROOT/$PKG_NAME"*.rpm 2>/dev/null | grep -v "$PKG_NAME-git" | tail -1)
- |
if [ -z "$LATEST_STABLE_PKG" ]; then
# If not stable release is available, then create one
export UPDATE_STABLE_PKG=1
else
# Otherwise, create a new release if the reported version on the repo is different
# from the latest released version.
export LATEST_STABLE_VERSION=$(basename $LATEST_STABLE_PKG | cut -d- -f 2)
if [ "$VERSION" != "$LATEST_STABLE_VERSION" ]; then
export UPDATE_STABLE_PKG=1
else
# If the version has remained the same, then simply copy the existing RPM to the
# new repository directory.
echo "Copying the existing release $LATEST_STABLE_VERSION to the new repository"
cp "$LATEST_STABLE_PKG" "$TMP_RPM_ROOT"
fi
fi
# If a new stable release is required, build another RPM
- |
if [ -n "$UPDATE_STABLE_PKG" ]; then
export RELNUM=1
export SRC_URL="https://git.platypush.tech/platypush/platypush/archive/v$VERSION.tar.gz"
cat <<EOF > $SPECFILE
Summary: Universal command executor and automation hub.
Name: $PKG_NAME
Version: $VERSION
Release: $RELNUM
URL: https://platypush.tech
Group: System
License: MIT
Packager: Fabio Manganiello <fabio@platypush.tech>
Source: $SRC_URL
Requires: $(cat platypush/install/requirements/fedora.txt | tr '\n' ' ')
Conflicts: $PKG_NAME-git
Prefix: %{_prefix}
BuildRoot: %{_tmppath}/%{name}-root
%description
Universal command executor and automation hub.
%install
mkdir -p %{buildroot}/
cp -r "$BUILD_DIR"/* %{buildroot}/
%clean
%files
/usr/bin/*
/usr/lib/python$(python3 --version | awk '{print $2}' | cut -d. -f 1,2)/site-packages/platypush
/usr/lib/python$(python3 --version | awk '{print $2}' | cut -d. -f 1,2)/site-packages/platypush-$VERSION.dist-info
%changelog
* $(date +'%a %b %d %Y') admin <admin@platypush.tech>
- [Automatic] Release $VERSION-$RELNUM
EOF
echo "--- Building package for stable release $VERSION"
rpmbuild --target "noarch" -bb "$SPECFILE"
cp "$HOME/rpmbuild/RPMS/noarch/$PKG_NAME-$VERSION-$RELNUM.noarch.rpm" "$TMP_RPM_ROOT"
fi
- echo "--- Importing the repository keys"
- |
cat <<EOF | gpg --import --armor
$PGP_PRIVKEY
EOF
- export PGP_KEYID=$(echo "$PGP_PUBKEY" | gpg --with-colons --import-options show-only --import --fingerprint | grep -e '^fpr:' | head -1 | awk -F ':' '{print $(NF - 1)}')
- |
cat <<EOF > $HOME/.rpmmacros
%signature gpg
%_gpg_name $PGP_KEYID
EOF
- echo "--- Signing the new RPM packages"
- rpm --addsign "$TMP_RPM_ROOT"/*.rpm
- echo "--- Creating a new copy of the RPM repository"
- createrepo "$TMP_RPM_ROOT"
- gpg --detach-sign --armor "$TMP_RPM_ROOT/repodata/repomd.xml"
- echo "--- Updating the S3 bucket"
- export NEW_RPM_ROOT="$BUCKET_MNT/rpm_new"
- export OLD_RPM_ROOT="$BUCKET_MNT/rpm_old"
- cp -r "$TMP_RPM_ROOT" "$NEW_RPM_ROOT"
- rm -rf "$TMP_RPM_ROOT"
- mv "$RPM_ROOT" "$OLD_RPM_ROOT"
- mv "$NEW_RPM_ROOT" "$RPM_ROOT"
- rm -rf "$OLD_RPM_ROOT"
###
### Updates the pip package upon new releases
###
- name: update-pip-package
image: python:3.11-alpine
environment:
TWINE_USERNAME:
from_secret: pypi_user
TWINE_PASSWORD:
from_secret: pypi_pass
when:
event:
- tag
depends_on:
- tests
- docs
commands:
- apk add --update --no-cache py3-twine
- python setup.py sdist bdist_wheel
- twine upload dist/platypush-$(python setup.py --version).tar.gz
###
### Checkpoint step that waits for all the package update
### steps to complete before proceeding to the next steps.
###
- name: wait-pkg-update
image: alpine
when:
branch:
- master
event:
- push
depends_on:
- update-arch-packages
- update-rpm-repo
- update-apt-repo
commands:
- echo "All packages have been successfully updated"
###
### Notifies about a new release
###
- name: notify-release
image: python:3.11-alpine
environment:
WORKER_RPC_SECRET:
from_secret: worker_rpc_secret
when:
event:
- tag
depends_on:
- update-pip-package
commands:
- apk add --update --no-cache curl
- |
curl --silent -XPOST \
-H "X-Token: $WORKER_RPC_SECRET" \
"https://worker.ci-cd.platypush.tech/hook/notify-platypush-release?version=$(python setup.py --version)"
###
### Notifies about a change in the CI/CD build status
###
- name: notify-build-status
image: alpine
environment:
WORKER_RPC_SECRET:
from_secret: worker_rpc_secret
when:
branch:
- master
event:
- push
status:
- success
- failure
depends_on:
- wait-pkg-update
commands:
- apk add --update --no-cache curl
- |
curl --silent -XPOST \
-H "X-Token: $WORKER_RPC_SECRET" \
"https://worker.ci-cd.platypush.tech/hook/notify-platypush-build?status=$DRONE_BUILD_STATUS"