revil-O/platypush
1
0
Fork 0
forked from platypush/platypush
Code Pull requests Activity
platypush/.drone.yml
Fabio Manganiello d4c790925b
[CI/CD] Changed order of the S3 bucket mount step in deb builds. 
It seems that s3fs may fail if two clients try to mount the same
resource with the same token at the same time.
2023-10-14 15:26:07 +02:00

963 lines
28 KiB
YAML
Raw Blame History

---
kind: pipeline
type: docker
name: default
volumes:
- name: docs
host:
path: /opt/docs/platypush
steps:
###
### Mirror the current repository state to Github
###
- name: github-mirror
image: alpine
environment:
SSH_PUBKEY:
from_secret: ssh_pubkey
SSH_PRIVKEY:
from_secret: ssh_privkey
commands:
- apk add --update --no-cache git openssh
- mkdir -p ~/.ssh
- echo $SSH_PUBKEY > ~/.ssh/id_rsa.pub
- |
cat <<EOF > ~/.ssh/id_rsa
$SSH_PRIVKEY
EOF
- chmod 0600 ~/.ssh/id_rsa
- ssh-keyscan github.com >> ~/.ssh/known_hosts 2>/dev/null
- git config --global --add safe.directory $PWD
- git remote add github git@github.com:/BlackLight/platypush.git
- git pull --rebase github "$(git branch | head -1 | awk '{print $2}')" || echo "No such branch on Github"
- git push --all -v github
###
### Synchronize the `stable` branch to the new release
###
- name: sync-stable-branch
image: alpine
environment:
SSH_PUBKEY:
from_secret: ssh_pubkey
SSH_PRIVKEY:
from_secret: ssh_privkey
PGP_KEY:
from_secret: pgp_key
PGP_KEY_ID:
from_secret: pgp_key_id
commands:
- apk add --update --no-cache git bash gnupg openssh
# Backup the original git configuration before changing attributes
- export GIT_CONF=$PWD/.git/config
- cp $GIT_CONF /tmp/git.config.orig
- git config --global --add safe.directory $PWD
# Install the SSH and PGP keys
- mkdir -p ~/.ssh
- |
cat <<EOF | gpg --import --armor
$PGP_KEY
EOF
- echo $SSH_PUBKEY > ~/.ssh/id_rsa.pub
- |
cat <<EOF > ~/.ssh/id_rsa
$SSH_PRIVKEY
EOF
- chmod 0600 ~/.ssh/id_rsa
- ssh-keyscan git.platypush.tech >> ~/.ssh/known_hosts 2>/dev/null
# Git configuration
- git config user.name "Platypush CI/CD Automation"
- git config user.email "admin@platypush.tech"
- git config commit.gpgsign true
- git config user.signingkey $PGP_KEY_ID
- git remote rm origin
- git remote add origin git@git.platypush.tech:platypush/platypush.git
# Merge and push to the `stable` branch
- git checkout stable
- git rebase master
- git push -u origin stable
- git checkout master
# Restore the original git configuration
- mv /tmp/git.config.orig $GIT_CONF
when:
event:
- tag
###
### Rebuild the docs
###
- name: docs
image: alpine
volumes:
- name: docs
path: /docs
commands:
- echo "Installing required build dependencies"
- apk add --update --no-cache make py3-sphinx py3-pip py3-paho-mqtt $(cat platypush/install/requirements/alpine.txt)
- pip install -U hid sphinx-rtd-theme sphinx-book-theme
- pip install .
- mkdir -p /docs/current
- export APPDIR=$PWD
- rm -rf "$APPDIR/docs/build"
- echo "Building the updated documentation"
- cd "$APPDIR/docs"
- make html
- rm -f config*.yaml
- cd "$APPDIR"
- echo "Copying the new documentation files to the target folder"
- mv -v "$APPDIR/docs/build" /docs/new
- cd /docs
- mv current old
- mv new current
- rm -rf old
when:
event:
- tag
depends_on:
- sync-stable-branch
###
### Run the tests
###
- name: tests
image: alpine
commands:
- apk add --update --no-cache $(cat platypush/install/requirements/alpine.txt)
- pip install .
- pip install -r requirements-tests.txt
- pytest tests
###
### Rebuild the UI files
###
- name: build-ui
image: node:current-alpine3.18
environment:
SSH_PUBKEY:
from_secret: ssh_pubkey
SSH_PRIVKEY:
from_secret: ssh_privkey
PGP_KEY:
from_secret: pgp_key
PGP_KEY_ID:
from_secret: pgp_key_id
when:
branch:
- master
event:
- push
depends_on:
- tests
commands:
- apk add --update --no-cache git
# Backup the original git configuration before changing attributes
- export GIT_CONF=$PWD/.git/config
- cp $GIT_CONF /tmp/git.config.orig
- git config --global --add safe.directory $PWD
- cd platypush/backend/http/webapp
- |
if [ $(git log --pretty=oneline $DRONE_COMMIT_AFTER...$DRONE_COMMIT_BEFORE . | wc -l) -eq 0 ]; then
echo "No UI changes detected, skipping build"
exit 0
fi
- |
if [ "$(git log --pretty=format:%s HEAD...HEAD~1 | head -1)" == "[Automatic] Updated UI files" ]; then
echo "UI changes have already been committed, skipping build"
exit 0
fi
- rm -rf node_modules
- npm install
- npm run build
- |
if [ $(git status --porcelain dist | wc -l) -eq 0 ]; then
echo "No build files have been changed"
exit 0
fi
- apk add --update --no-cache bash gnupg openssh
- mkdir -p ~/.ssh
- |
cat <<EOF | gpg --import --armor
$PGP_KEY
EOF
- echo $SSH_PUBKEY > ~/.ssh/id_rsa.pub
- |
cat <<EOF > ~/.ssh/id_rsa
$SSH_PRIVKEY
EOF
- chmod 0600 ~/.ssh/id_rsa
- ssh-keyscan git.platypush.tech >> ~/.ssh/known_hosts 2>/dev/null
- git config user.name "Platypush CI/CD Automation"
- git config user.email "admin@platypush.tech"
- git config commit.gpgsign true
- git config user.signingkey $PGP_KEY_ID
- git add dist
- git commit dist -S -m "[Automatic] Updated UI files" --no-verify
- git remote rm origin
- git remote add origin git@git.platypush.tech:platypush/platypush.git
- git push -f origin master
# Restore the original git configuration
- mv /tmp/git.config.orig $GIT_CONF
###
### Update the Arch packages
###
- name: update-arch-packages
image: python:3.11-alpine
environment:
WORKDIR: /tmp/workdir
SSH_PUBKEY:
from_secret: ssh_pubkey
SSH_PRIVKEY:
from_secret: ssh_privkey
when:
branch:
- master
event:
- push
depends_on:
- build-ui
commands:
- echo "-- Installing dependencies"
- apk add --update --no-cache curl git openssh pacman sudo
- echo "--- Parsing metadata"
- git config --global --add safe.directory $PWD
- git pull --rebase origin master --tags
- export VERSION=$(python setup.py --version)
- export HEAD=$(git log --pretty=format:%h HEAD...HEAD~1 | head -1)
- export GIT_VERSION="$VERSION.r$(git log --pretty=oneline HEAD...v$VERSION | wc -l).$HEAD"
- export TAG_URL="https://git.platypush.tech/platypush/platypush/archive/v$VERSION.tar.gz"
- echo "--- Preparing environment"
- mkdir -p ~/.ssh
- echo $SSH_PUBKEY > ~/.ssh/id_rsa.pub
- |
cat <<EOF > ~/.ssh/id_rsa
$SSH_PRIVKEY
EOF
- chmod 0600 ~/.ssh/id_rsa
- ssh-keyscan git.platypush.tech >> ~/.ssh/known_hosts 2>/dev/null
- ssh-keyscan aur.archlinux.org >> ~/.ssh/known_hosts 2>/dev/null
- adduser -u 1000 -D build
- mkdir -p $WORKDIR
- echo "--- Updating Arch git version"
- export PKGDIR=$WORKDIR/git
- git clone ssh://aur@aur.archlinux.org/platypush-git.git $PKGDIR
- git config --global --add safe.directory $PKGDIR
- chown -R build $PKGDIR
- cd $PKGDIR
- |
sed -i 'PKGBUILD' -r \
-e "s/^pkgver=.*/pkgver=$GIT_VERSION/" \
-e "s/^pkgrel=.*/pkgrel=1/" \
- sudo -u build makepkg --printsrcinfo > .SRCINFO
- export FILES_CHANGED=$(git status --porcelain --untracked-files=no | wc -l)
- |
if [ $FILES_CHANGED -gt 0 ]; then
echo "--- Pushing git package version $GIT_VERSION"
git commit -a -m '[Automatic] Package update'
git push origin master
fi
- echo "--- Updating Arch stable version"
- export PKGDIR=$WORKDIR/stable
- git clone ssh://aur@aur.archlinux.org/platypush.git $PKGDIR
- git config --global --add safe.directory $PKGDIR
- chown -R build $PKGDIR
- cd $PKGDIR
- export RELEASED_VERSION=$(grep -e '^pkgver=' PKGBUILD | sed -r -e 's/^pkgver=(.*)\s*/\1/')
- |
if [ "$RELEASED_VERSION" == "$VERSION" ]; then
exit 0
fi
- export TAG_CHECKSUM=$(curl --silent "$TAG_URL" | sha512sum | awk '{print $1}')
- |
sed -i 'PKGBUILD' -r \
-e "s/^pkgver=.*/pkgver=$VERSION/" \
-e "s/^pkgrel=.*/pkgrel=1/" \
-e "s/^sha512sums=.*/sha512sums=('$TAG_CHECKSUM')/"
- sudo -u build makepkg --printsrcinfo > .SRCINFO
- export FILES_CHANGED=$(git status --porcelain --untracked-files=no | wc -l)
- |
if [ $FILES_CHANGED -gt 0 ]; then
echo "--- Pushing stable package version $VERSION"
git commit -a -m '[Automatic] Package update'
git push origin master
fi
###
### Update the Debian (stable) packages
###
- name: update-debian-stable-packages
image: debian:stable
privileged: true # Required to use the FUSE module for s3fs
environment:
DEB_VERSION: stable
WORKDIR: /tmp/workdir
PKG_NAME: platypush
S3_BUCKET: platypush-pkg
BUCKET_MNT: /mnt/s3
AWS_ENDPOINT_URL: https://s3.nl-ams.scw.cloud
AWS_DEFAULT_REGION: nl-ams
AWS_ACCESS_KEY_ID:
from_secret: aws_access_key_id
AWS_SECRET_ACCESS_KEY:
from_secret: aws_secret_access_key
when:
branch:
- master
event:
- push
depends_on:
- build-ui
commands:
- echo "-- Installing dependencies"
- apt update
- apt install -y curl dpkg-dev gpg git python3 python3-pip s3fs
- echo "-- Copying source directory"
- mkdir -p "$WORKDIR"
- export SRCDIR="$WORKDIR/src"
- cp -r "$PWD" "$SRCDIR"
- cd "$SRCDIR"
- echo "--- Parsing metadata"
- git config --global --add safe.directory $PWD
- git pull --rebase origin master --tags
- export VERSION=$(python3 setup.py --version)
- export GIT_VERSION="$VERSION-$(( $(git log --pretty=oneline HEAD...v$VERSION | wc -l) + 1))"
- export GIT_BUILD_DIR="$WORKDIR/$${PKG_NAME}_$${GIT_VERSION}_all"
- export GIT_DEB="$WORKDIR/$${PKG_NAME}_$${GIT_VERSION}_all.deb"
- echo "--- Building git package"
- pip install --prefix="$GIT_BUILD_DIR/usr" --no-cache --no-deps .
- |
find "$GIT_BUILD_DIR" -name "site-packages" | while read dir; do
base="$(dirname "$dir")"
mv "$dir" "$base/dist-packages"
done
- mkdir -p "$GIT_BUILD_DIR/DEBIAN"
- |
cat <<EOF > "$GIT_BUILD_DIR/DEBIAN/control"
Package: $PKG_NAME
Version: $GIT_VERSION
Maintainer: Fabio Manganiello <fabio@platypush.tech>
Depends: $(cat platypush/install/requirements/debian.txt | tr '\n' ',' | sed -re 's/,$//' -e 's/,/, /g')
Architecture: all
Homepage: https://platypush.tech
Description: Universal command executor and automation hub.
EOF
- dpkg --build "$GIT_BUILD_DIR"
- echo "-- Mounting the S3 bucket"
- mkdir -p "$BUCKET_MNT"
- s3fs "$S3_BUCKET" "$BUCKET_MNT" -o url="$AWS_ENDPOINT_URL"
- export APT_ROOT="$BUCKET_MNT/apt"
- echo "--- Pushing package to the S3 bucket"
- mkdir -p "$APT_ROOT/pool/$DEB_VERSION/dev"
- cp "$GIT_DEB" "$APT_ROOT/pool/$DEB_VERSION/dev/"
# If main/all/Packages doesn't exist, then we should create the first main release
- export PKGURL="https://apt.platypush.tech/dists/$DEB_VERSION/main/all/Packages"
- |
[ -z "$UPDATE_STABLE_PKG" ] &&
curl -ILs -o /dev/null -w "%{http_code}" "$PKGURL" |
grep -e '^4' >/dev/null && export UPDATE_STABLE_PKG=1
# If the published release version differs from the current one, then we should publish a new main release
- |
if [ -z "$UPDATE_STABLE_PKG" ]; then
RELEASED_VERSION=$(curl -s "$PKGURL" | grep -e '^Version: ' | head -1 | awk '{print $2}' | cut -d- -f 1)
[ "$RELEASED_VERSION" != "$VERSION" ] && export UPDATE_STABLE_PKG=1
fi
# Don't proceed and update the main release if it hasn't changed
- |
if [ -z "$UPDATE_STABLE_PKG" ]; then
exit 0
fi
- echo "--- Updating main package"
- mkdir -p "$APT_ROOT/pool/$DEB_VERSION/main"
- cp "$GIT_DEB" "$APT_ROOT/pool/$DEB_VERSION/main/$${PKG_NAME}_$${VERSION}-1_all.deb"
###
### Update the Debian (oldstable) packages
###
- name: update-debian-oldstable-packages
image: debian:oldstable
privileged: true # Required to use the FUSE module for s3fs
environment:
DEB_VERSION: oldstable
WORKDIR: /tmp/workdir
PKG_NAME: platypush
S3_BUCKET: platypush-pkg
BUCKET_MNT: /mnt/s3
AWS_ENDPOINT_URL: https://s3.nl-ams.scw.cloud
AWS_DEFAULT_REGION: nl-ams
AWS_ACCESS_KEY_ID:
from_secret: aws_access_key_id
AWS_SECRET_ACCESS_KEY:
from_secret: aws_secret_access_key
when:
branch:
- master
event:
- push
depends_on:
- build-ui
commands:
- echo "-- Copying source directory"
- mkdir -p "$WORKDIR"
- export SRCDIR="$WORKDIR/src"
- cp -r "$PWD" "$SRCDIR"
- cd "$SRCDIR"
- echo "-- Installing dependencies"
- apt update
- apt install -y curl dpkg-dev gpg git python3 python3-pip s3fs
- echo "-- Mounting the S3 bucket"
- mkdir -p "$BUCKET_MNT"
- s3fs "$S3_BUCKET" "$BUCKET_MNT" -o url="$AWS_ENDPOINT_URL"
- export APT_ROOT="$BUCKET_MNT/apt"
- echo "--- Parsing metadata"
- git config --global --add safe.directory $PWD
- git pull --rebase origin master --tags
- export VERSION=$(python3 setup.py --version)
- export GIT_VERSION="$VERSION-$(( $(git log --pretty=oneline HEAD...v$VERSION | wc -l) + 1))"
- export GIT_BUILD_DIR="$WORKDIR/$${PKG_NAME}_$${GIT_VERSION}_all"
- export GIT_DEB="$WORKDIR/$${PKG_NAME}_$${GIT_VERSION}_all.deb"
- echo "--- Building git package"
- pip install --prefix="$GIT_BUILD_DIR/usr" --no-cache --no-deps .
- |
find "$GIT_BUILD_DIR" -name "site-packages" | while read dir; do
base="$(dirname "$dir")"
mv "$dir" "$base/dist-packages"
done
- mkdir -p "$GIT_BUILD_DIR/DEBIAN"
- |
cat <<EOF > "$GIT_BUILD_DIR/DEBIAN/control"
Package: $PKG_NAME
Version: $GIT_VERSION
Maintainer: Fabio Manganiello <fabio@platypush.tech>
Depends: $(cat platypush/install/requirements/debian.txt | tr '\n' ',' | sed -re 's/,$//' -e 's/,/, /g')
Architecture: all
Homepage: https://platypush.tech
Description: Universal command executor and automation hub.
EOF
- dpkg --build "$GIT_BUILD_DIR"
- echo "--- Pushing package to the S3 bucket"
- mkdir -p "$APT_ROOT/pool/$DEB_VERSION/dev"
- cp "$GIT_DEB" "$APT_ROOT/pool/$DEB_VERSION/dev/"
# If main/all/Packages doesn't exist, then we should create the first main release
- export PKGURL="https://apt.platypush.tech/dists/$DEB_VERSION/main/all/Packages"
- |
[ -z "$UPDATE_STABLE_PKG" ] &&
curl -ILs -o /dev/null -w "%{http_code}" "$PKGURL" |
grep -e '^4' >/dev/null && export UPDATE_STABLE_PKG=1
# If the published release version differs from the current one, then we should publish a new main release
- |
if [ -z "$UPDATE_STABLE_PKG" ]; then
RELEASED_VERSION=$(curl -s "$PKGURL" | grep -e '^Version: ' | head -1 | awk '{print $2}' | cut -d- -f 1)
[ "$RELEASED_VERSION" != "$VERSION" ] && export UPDATE_STABLE_PKG=1
fi
# Don't proceed and update the main release if it hasn't changed
- |
if [ -z "$UPDATE_STABLE_PKG" ]; then
exit 0
fi
- echo "--- Updating main package"
- mkdir -p "$APT_ROOT/pool/$DEB_VERSION/main"
- cp "$GIT_DEB" "$APT_ROOT/pool/$DEB_VERSION/main/$${PKG_NAME}_$${VERSION}-1_all.deb"
###
### Updates the APT repository after new packages have been pushed
###
- name: update-apt-repo
image: debian:stable
privileged: true # Required to use the FUSE module for s3fs
environment:
S3_BUCKET: platypush-pkg
BUCKET_MNT: /mnt/s3
AWS_ENDPOINT_URL: https://s3.nl-ams.scw.cloud
AWS_DEFAULT_REGION: nl-ams
AWS_ACCESS_KEY_ID:
from_secret: aws_access_key_id
AWS_SECRET_ACCESS_KEY:
from_secret: aws_secret_access_key
PGP_PUBKEY:
from_secret: apt_pgp_pub_key
PGP_PRIVKEY:
from_secret: apt_pgp_priv_key
when:
branch:
- master
event:
- push
depends_on:
- update-debian-stable-packages
- update-debian-oldstable-packages
commands:
- echo "-- Installing dependencies"
- apt update
- apt install -y s3fs dpkg-dev gpg
- echo "-- Mounting the S3 bucket"
- mkdir -p "$BUCKET_MNT"
- s3fs "$S3_BUCKET" "$BUCKET_MNT" -o url="$AWS_ENDPOINT_URL"
- export APT_ROOT="$BUCKET_MNT/apt"
- mkdir -p "$APT_ROOT"
- echo "-- Creating a new apt root folder"
- export TMP_APT_ROOT="/tmp/apt"
- cp -r "$APT_ROOT" "$TMP_APT_ROOT"
- echo "-- Cleaning up older apt releases"
- |
find "$TMP_APT_ROOT/pool" -mindepth 2 -maxdepth 2 -type d | while read reldir; do
pkg_to_remove=$(( $(ls "$reldir"/*.deb | wc -l) - 1 ))
[ $pkg_to_remove -le 0 ] && continue
ls "$reldir"/*.deb | sort -V | head -n$pkg_to_remove | xargs rm -f
done
- echo "-- Updating Packages files"
- |
echo "stable\noldstable" | while read distro; do
echo "main\ndev" | while read branch; do
branch_dir="$TMP_APT_ROOT/pool/$distro/$branch"
[ -d "$branch_dir" ] || continue
dist_dir="$TMP_APT_ROOT/dists/$distro/$branch/all"
mkdir -p "$dist_dir"
pkg_file="$dist_dir/Packages"
dpkg-scanpackages --arch all "$branch_dir" > "$pkg_file"
sed -i "$pkg_file" -re "s|^Filename: $TMP_APT_ROOT/|Filename: |"
cat "$pkg_file" | gzip -9 > "$pkg_file.gz"
done
done
- echo "-- Updating Release files"
- |
add_hashes() {
dist_dir=$1
hash_cmd=$2
hash_label=$3
echo "$hash_label:"
find "$dist_dir" -name 'Packages*' | while read file; do
basename="$(echo "$file" | sed -r -e "s|^$dist_dir/||")"
hash="$($hash_cmd "$file" | cut -d" " -f1)"
size="$(wc -c < $file)"
echo " $hash $size $basename"
echo " $hash $size $(echo $basename | sed -re 's|/all/|/binary-i386/|')"
echo " $hash $size $(echo $basename | sed -re 's|/all/|/binary-amd64/|')"
echo " $hash $size $(echo $basename | sed -re 's|/all/|/binary-armel/|')"
echo " $hash $size $(echo $basename | sed -re 's|/all/|/binary-armhf/|')"
echo " $hash $size $(echo $basename | sed -re 's|/all/|/binary-arm64/|')"
done
}
echo "stable\noldstable" | while read distro; do
dist_dir="$TMP_APT_ROOT/dists/$distro"
components=$(find "$dist_dir" -name Packages | awk -F '/' '{print $(NF-2)}' | uniq | tr '\n' ' ')
release_file="$dist_dir/Release"
cat <<EOF > "$release_file"
Origin: Platypush repository
Label: Platypush
Suite: $distro
Codename: $distro
Architectures: i386 amd64 armel armhf arm64
Components: $components
Description: The official APT repository for Platypush
Date: $(date -Ru)
EOF
add_hashes "$dist_dir" "md5sum" "MD5Sum" >> "$release_file"
add_hashes "$dist_dir" "sha1sum" "SHA1" >> "$release_file"
add_hashes "$dist_dir" "sha256sum" "SHA256" >> "$release_file"
done
- echo "-- Importing and refreshing PGP key"
- echo "$PGP_PUBKEY" > "$TMP_APT_ROOT/pubkey.txt"
- export PGP_KEYID=$(echo "$PGP_PUBKEY" | gpg --with-colons --import-options show-only --import --fingerprint | grep -e '^fpr:' | head -1 | awk -F ':' '{print $(NF - 1)}')
- |
cat <<EOF | gpg --import --armor
$PGP_PRIVKEY
EOF
- echo "-- Signing Release files"
- |
find "$TMP_APT_ROOT/dists" -type f -name Release | while read file; do
dirname="$(dirname "$file")"
cat "$file" | gpg -q --default-key "$PGP_KEYID" -abs > "$file.gpg"
cat "$file" | gpg -q --default-key "$PGP_KEYID" -abs --clearsign > "$dirname/InRelease"
done
- echo "-- Updating the apt repo root on S3"
- export OLD_APT_ROOT="$BUCKET_MNT/oldapt"
- |
if [ ! -d "$OLD_APT_ROOT" ]; then
mv "$APT_ROOT" "$OLD_APT_ROOT"
mv "$TMP_APT_ROOT" "$APT_ROOT"
rm -rf "$OLD_APT_ROOT"
fi
###
### Update the RPM (stable) packages
###
- name: update-rpm-repo
image: fedora
privileged: true # Required to use the FUSE module for s3fs
environment:
RPM_VERSION: stable
WORKDIR: /tmp/workdir
PKG_NAME: platypush
S3_BUCKET: platypush-pkg
BUCKET_MNT: /mnt/s3
AWS_ENDPOINT_URL: https://s3.nl-ams.scw.cloud
AWS_DEFAULT_REGION: nl-ams
AWS_ACCESS_KEY_ID:
from_secret: aws_access_key_id
AWS_SECRET_ACCESS_KEY:
from_secret: aws_secret_access_key
PGP_PUBKEY:
from_secret: rpm_pgp_pub_key
PGP_PRIVKEY:
from_secret: rpm_pgp_priv_key
when:
branch:
- master
event:
- push
depends_on:
- build-ui
commands:
- echo "-- Installing dependencies"
- yum install -y createrepo rpm-build rpm-sign gpg wget yum-utils git python python-pip s3fs-fuse
- echo "-- Copying source directory"
- mkdir -p "$WORKDIR"
- export SRCDIR="$WORKDIR/src"
- cp -r "$PWD" "$SRCDIR"
- cd "$SRCDIR"
- echo "-- Mounting the S3 bucket"
- mkdir -p "$BUCKET_MNT"
- s3fs "$S3_BUCKET" "$BUCKET_MNT" -o url="$AWS_ENDPOINT_URL"
- export RPM_ROOT="$BUCKET_MNT/rpm"
- mkdir -p "$RPM_ROOT"
- echo "--- Parsing metadata"
- git config --global --add safe.directory $PWD
- git pull --rebase origin master --tags
- export VERSION=$(python3 setup.py --version)
- export RELNUM=$(git log --pretty=oneline HEAD...v$VERSION | wc -l)
- export SPECFILE="$WORKDIR/$PKG_NAME.spec"
- export BUILD_DIR="$WORKDIR/build"
- export TMP_RPM_ROOT="$WORKDIR/repo"
- export SRC_URL="https://git.platypush.tech/platypush/platypush/archive/master.tar.gz"
- echo "--- Creating git package spec"
- |
cat <<EOF > $SPECFILE
Summary: Universal command executor and automation hub.
Name: $PKG_NAME-git
Version: $VERSION
Release: $RELNUM
URL: https://platypush.tech
Group: System
License: MIT
Packager: Fabio Manganiello <fabio@platypush.tech>
Source: $SRC_URL
Requires: $(cat platypush/install/requirements/fedora.txt | tr '\n' ' ')
Conflicts: $PKG_NAME
Prefix: %{_prefix}
BuildRoot: %{_tmppath}/%{name}-root
%description
Universal command executor and automation hub.
%install
mkdir -p %{buildroot}/
cp -r "$BUILD_DIR"/* %{buildroot}/
%clean
%files
/usr/bin/*
/usr/lib/python$(python3 --version | awk '{print $2}' | cut -d. -f 1,2)/site-packages/platypush
/usr/lib/python$(python3 --version | awk '{print $2}' | cut -d. -f 1,2)/site-packages/platypush-$VERSION.dist-info
%changelog
* $(date +'%a %b %d %Y') admin <admin@platypush.tech>
- [Automatic] Release $VERSION-$RELNUM
EOF
- echo "--- Building git package"
- mkdir -p "$BUILD_DIR"
- pip install --prefix="$BUILD_DIR/usr" --no-cache --no-deps .
- rpmbuild --target "noarch" -bb "$SPECFILE"
- echo "--- Copying the new RPM package"
- mkdir -p "$TMP_RPM_ROOT"
- cp "$HOME/rpmbuild/RPMS/noarch/$PKG_NAME-git-$VERSION-$RELNUM.noarch.rpm" "$TMP_RPM_ROOT"
- echo "--- Checking the latest released stable version"
- export LATEST_STABLE_PKG=$(ls -rt "$RPM_ROOT/$PKG_NAME"*.rpm 2>/dev/null | grep -v "$PKG_NAME-git" | tail -1)
- |
if [ -z "$LATEST_STABLE_PKG" ]; then
# If not stable release is available, then create one
export UPDATE_STABLE_PKG=1
else
# Otherwise, create a new release if the reported version on the repo is different
# from the latest released version.
export LATEST_STABLE_VERSION=$(basename $LATEST_STABLE_PKG | cut -d- -f 2)
if [ "$VERSION" != "$LATEST_STABLE_VERSION" ]; then
export UPDATE_STABLE_PKG=1
else
# If the version has remained the same, then simply copy the existing RPM to the
# new repository directory.
echo "Copying the existing release $LATEST_STABLE_VERSION to the new repository"
cp "$LATEST_STABLE_PKG" "$TMP_RPM_ROOT"
fi
fi
# If a new stable release is required, build another RPM
- |
if [ -n "$UPDATE_STABLE_PKG" ]; then
export RELNUM=1
export SRC_URL="https://git.platypush.tech/platypush/platypush/archive/v$VERSION.tar.gz"
cat <<EOF > $SPECFILE
Summary: Universal command executor and automation hub.
Name: $PKG_NAME
Version: $VERSION
Release: $RELNUM
URL: https://platypush.tech
Group: System
License: MIT
Packager: Fabio Manganiello <fabio@platypush.tech>
Source: $SRC_URL
Requires: $(cat platypush/install/requirements/fedora.txt | tr '\n' ' ')
Conflicts: $PKG_NAME-git
Prefix: %{_prefix}
BuildRoot: %{_tmppath}/%{name}-root
%description
Universal command executor and automation hub.
%install
mkdir -p %{buildroot}/
cp -r "$BUILD_DIR"/* %{buildroot}/
%clean
%files
/usr/bin/*
/usr/lib/python$(python3 --version | awk '{print $2}' | cut -d. -f 1,2)/site-packages/platypush
/usr/lib/python$(python3 --version | awk '{print $2}' | cut -d. -f 1,2)/site-packages/platypush-$VERSION.dist-info
%changelog
* $(date +'%a %b %d %Y') admin <admin@platypush.tech>
- [Automatic] Release $VERSION-$RELNUM
EOF
echo "--- Building package for stable release $VERSION"
rpmbuild --target "noarch" -bb "$SPECFILE"
cp "$HOME/rpmbuild/RPMS/noarch/$PKG_NAME-$VERSION-$RELNUM.noarch.rpm" "$TMP_RPM_ROOT"
fi
- echo "--- Importing the repository keys"
- |
cat <<EOF | gpg --import --armor
$PGP_PRIVKEY
EOF
- export PGP_KEYID=$(echo "$PGP_PUBKEY" | gpg --with-colons --import-options show-only --import --fingerprint | grep -e '^fpr:' | head -1 | awk -F ':' '{print $(NF - 1)}')
- |
cat <<EOF > $HOME/.rpmmacros
%signature gpg
%_gpg_name $PGP_KEYID
EOF
- echo "--- Signing the new RPM packages"
- rpm --addsign "$TMP_RPM_ROOT"/*.rpm
- echo "--- Creating a new copy of the RPM repository"
- createrepo "$TMP_RPM_ROOT"
- gpg --detach-sign --armor "$TMP_RPM_ROOT/repodata/repomd.xml"
- echo "--- Updating the S3 bucket"
- export NEW_RPM_ROOT="$BUCKET_MNT/rpm_new"
- export OLD_RPM_ROOT="$BUCKET_MNT/rpm_old"
- cp -r "$TMP_RPM_ROOT" "$NEW_RPM_ROOT"
- rm -rf "$TMP_RPM_ROOT"
- mv "$RPM_ROOT" "$OLD_RPM_ROOT"
- mv "$NEW_RPM_ROOT" "$RPM_ROOT"
- rm -rf "$OLD_RPM_ROOT"
###
### Updates the pip package upon new releases
###
- name: update-pip-package
image: python:3.11-alpine
environment:
TWINE_USERNAME:
from_secret: pypi_user
TWINE_PASSWORD:
from_secret: pypi_pass
when:
event:
- tag
depends_on:
- tests
- docs
commands:
- apk add --update --no-cache py3-twine
- python setup.py sdist bdist_wheel
- twine upload dist/platypush-$(python setup.py --version).tar.gz
###
### Checkpoint step that waits for all the package update
### steps to complete before proceeding to the next steps.
###
- name: wait-pkg-update
image: alpine
when:
branch:
- master
event:
- push
depends_on:
- update-arch-packages
- update-rpm-repo
- update-apt-repo
commands:
- echo "All packages have been successfully updated"
###
### Notifies about a new release
###
- name: notify-release
image: python:3.11-alpine
environment:
WORKER_RPC_SECRET:
from_secret: worker_rpc_secret
when:
event:
- tag
depends_on:
- update-pip-package
commands:
- apk add --update --no-cache curl
- |
curl --silent -XPOST \
-H "X-Token: $WORKER_RPC_SECRET" \
"https://worker.ci-cd.platypush.tech/hook/notify-platypush-release?version=$(python setup.py --version)"
###
### Notifies about a change in the CI/CD build status
###
- name: notify-build-status
image: alpine
environment:
WORKER_RPC_SECRET:
from_secret: worker_rpc_secret
when:
branch:
- master
event:
- push
status:
- success
- failure
depends_on:
- wait-pkg-update
commands:
- apk add --update --no-cache curl
- |
curl --silent -XPOST \
-H "X-Token: $WORKER_RPC_SECRET" \
"https://worker.ci-cd.platypush.tech/hook/notify-platypush-build?status=$DRONE_BUILD_STATUS"
View git blame Copy permalink