~comcloudway/ccw-aports: Migrated to sourcehut CI: stage 1

9 files changed, 175 insertions(+), 113 deletions(-)

D .build.yml
A .builds/001-check-commit.yml
A .builds/002-build-commit.yml
A .builds/003-check-all.yml
A .builds/004-build-all.yml
D .forgejo/workflows/build-all.yml
D .forgejo/workflows/check-all.yml
M .gitignore
D .woodpecker.yml

D .build.yml => .build.yml +0 -25

@@ 1,25 0,0 @@
-image: alpine/edge
-repositories:
-  ccw.icu: >
-    /home/build/packages
-    https://git.sr.ht/~comcloudway/ccw-aports/blob/main/comcloudway%40ccw.icu.rsa.pub
-    comcloudway@ccw.icu.rsa.pub
-packages:
-  - bash
-  - fd
-  - abuild
-  - dateutils
-sources:
-  - https://git.sr.ht/~comcloudway/ccw-aports/
-secrets:
-  # privkey
-  - cb16ed57-2486-4afc-be50-8bbcd3fae405
-  # aports pubkey
-  - f0aa24db-26a9-4b3d-b379-eee7429fd6f6
-tasks:
-  - setup: echo 'PACKAGER_PRIVKEY=$HOME/.abuild/comcloudway@ccw.icu.rsa' >> $HOME/.abuild/abuild.conf
-  - build: |
-      cd ccw-aports
-      ./build.sh repo main
-  - package: |
-    # TODO: Add task to upload artifacts in current repo

A .builds/001-check-commit.yml => .builds/001-check-commit.yml +11 -0

@@ 0,0 1,11 @@
+image: alpine/edge
+packages:
+  - atools
+tasks:
+  - prepare: |
+      touch ~/pkglist
+      if [ ! "$GIT_REF" = "" ] && [ ! "$(echo $GIT_REF | cut -d'/' -f'2')" = "tags" ]; then
+        git diff --name-only $GIT_REF~ $GIT_REF | grep APKBUILD | cut -d'/' -f 2 > ~/pkglist
+      fi
+  - check: |
+      cat ~/pkglist | xargs -n 1 apkbuild-lint

A .builds/002-build-commit.yml => .builds/002-build-commit.yml +78 -0

@@ 0,0 1,78 @@
+image: alpine/edge
+repositories:
+  ccw.icu: >
+    /home/build/packages
+    https://git.hut.ccw.icu/~comcloudway/ccw-aports/blob/main/comcloudway%40ccw.icu.rsa.pub
+    comcloudway@ccw.icu.rsa.pub
+packages:
+  # prepare dependency
+  - git
+  # setup dependency
+  - cargo
+  # build dependency
+  - abuild
+  - abuild-rootbld
+  - qemu
+  - qemu-openrc
+  - qemu-x86_64
+  # upload dependency
+  - rsync
+environment:
+  targets:
+    - x86_64
+  builddir: ccw-aports
+  mirror: ""
+sources:
+  - https://git.hut.ccw.icu/~comcloudway/ccw-aports
+  - https://git.hut.ccw.icu/~comcloudway/cabin
+secrets:
+  # aports privkey
+  - 6e441cad-ff1f-4ac9-877f-76164952afb6
+  # aports pubkey
+  - 2314bda9-af3f-40f7-99cf-330595ad006f
+  # file containing rsync password. 
+  # format: RSYNC_PASSWORD="<yourpassword>"
+  - c092726a-e17c-4498-adbf-90cd4771b5eb
+tasks:
+  - prepare: |
+      cd $builddir
+      # detect changed packages
+      # build all if undetected
+      if [ ! "$GIT_REF" = "" ] && [ ! "$(echo $GIT_REF | cut -d'/' -f'2')" = "tags" ]; then
+        git diff --name-only $GIT_REF~ $GIT_REF | grep APKBUILD | cut -d'/' -f 2 > ~/pkglist
+        # configure keypath
+        echo 'PACKAGER_PRIVKEY=$HOME/.abuild/comcloudway@ccw.icu.rsa' >> $HOME/.abuild/abuild.conf
+        # start binfmt service for userspace emulation 
+        # required by abuild-rootbld
+        rc-service qemu-binfmt start
+      fi
+  - setup: |
+      if [ -f ~/pkglist ]; then
+        cd cabin
+        cargo build --release
+        sudo cargo install --path . --root="/usr"
+      fi
+  - index: |
+      if [ -f ~/pkglist ]; then
+        cd $builddir
+        cabin scan
+      fi
+  - build: |
+      if [ -f ~/pkglist ]; then
+        cd $builddir
+        for target in "${targets[@]}"
+        do
+          # cabin build-group will automatically generate a tree and order
+          # in which to build the dependencies
+          cat ~/pkglist | xargs cabin build-group -a $target -v 
+        done
+      fi
+  - upload: |
+      if [ -f ~/pkglist ]; then
+        set +x # hide secret
+        set -a # load variable from file even without export
+        source ~/.rsyncpass
+        set +a
+        set -x
+        rsync -Irtlzv /home/builder/packages/* $mirror
+      fi

A .builds/003-check-all.yml => .builds/003-check-all.yml +6 -0

@@ 0,0 1,6 @@
+image: alpine/edge
+packages:
+  - atools
+tasks:
+  - checkall: |
+      find . -type f -iname 'APKBUILD' | xargs -n 1 apkbuild-lint

A .builds/004-build-all.yml => .builds/004-build-all.yml +79 -0

@@ 0,0 1,79 @@
+image: alpine/edge
+repositories:
+  ccw.icu: >
+    /home/build/packages
+    https://git.hut.ccw.icu/~comcloudway/ccw-aports/blob/main/comcloudway%40ccw.icu.rsa.pub
+    comcloudway@ccw.icu.rsa.pub
+packages:
+  # prepare dependency
+  - git
+  # setup dependency
+  - cargo
+  # build dependency
+  - abuild
+  - abuild-rootbld
+  - qemu
+  - qemu-openrc
+  - qemu-x86_64
+  # upload dependency
+  - rsync
+environment:
+  targets:
+    - x86_64
+  builddir: ccw-aports
+  mirror: ""
+sources:
+  - https://git.hut.ccw.icu/~comcloudway/ccw-aports
+  - https://git.hut.ccw.icu/~comcloudway/cabin
+secrets:
+  # aports privkey
+  - 6e441cad-ff1f-4ac9-877f-76164952afb6
+  # aports pubkey
+  - 2314bda9-af3f-40f7-99cf-330595ad006f
+  # file containing rsync password. 
+  # format: RSYNC_PASSWORD="<yourpassword>"
+  - c092726a-e17c-4498-adbf-90cd4771b5eb
+tasks:
+  - prepare: |
+      cd $builddir
+      # detect changed packages
+      # build all if undetected
+      if [ ! "$GIT_REF" = "" ] && [ ! "$(echo $GIT_REF | cut -d'/' -f'2')" = "tags" ]; then
+        git diff --name-only $GIT_REF~ $GIT_REF | grep APKBUILD | cut -d'/' -f 2 > ~/pkglist
+      else
+        # configure keypath
+        echo 'PACKAGER_PRIVKEY=$HOME/.abuild/comcloudway@ccw.icu.rsa' >> $HOME/.abuild/abuild.conf
+        # start binfmt service for userspace emulation 
+        # required by abuild-rootbld
+        rc-service qemu-binfmt start
+      fi
+  - setup: |
+      if [ ! -f ~/pkglist ]; then
+        cd cabin
+        cargo build --release
+        sudo cargo install --path . --root="/usr"
+      fi
+  - index: |
+      if [ ! -f ~/pkglist ]; then
+        cd $builddir
+        cabin scan
+      fi
+  - build: |
+      cd $builddir
+      for target in "${targets[@]}"
+      do
+        if [ ! -f ~/pkglist ]; then
+          # cabin build-all will automatically generate a tree and order
+          # in which to build the dependencies
+          cabin build-all -a $target -v
+        fi
+      done
+  - upload: |
+      if [ ! -f ~/pkglist ]; then
+        set +x # hide secret
+        set -a # load variable from file even without export
+        source ~/.rsyncpass
+        set +a
+        set -x
+        rsync -Irtlzv /home/builder/packages/* $mirror
+      fi

D .forgejo/workflows/build-all.yml => .forgejo/workflows/build-all.yml +0 -55

@@ 1,55 0,0 @@
----
-on: [push]
-jobs:
-  build-all:
-    runs-on: docker
-    container:
-      image: alpine:edge
-    steps:
-      - name: Install checkout dependencies
-        run: apk add nodejs git
-      - name: Checkout
-        uses: actions/checkout@v2
-      # SETUP BUILD TOOLS
-      - name: Install tools
-        run: apk add abuild abuild-rootbld doas cargo
-      - name: Setup private key
-        run: echo "${{ secrets.PRIVKEY }}" > $PWD/comcloudway@ccw.icu.rsa
-      - name: Configure abuild
-        run: >
-          echo PACKAGER_PRIVKEY="$PWD/comcloudway@ccw.icu.rsa"
-          > /etc/abuild.conf
-      - name: Add public key to trusted keys
-        run: cp comcloudway@ccw.icu.rsa.pub /etc/apk/keys
-      - name: Add custom repo to system repos
-        run: echo "/home/builder/packages" >> /etc/apk/repositories
-      # BUILD CABIN Util
-      - name: Fetch cabin
-        run: git clone https://codeberg.org/comcloudway/cabin
-      - name: Build cabin
-        run: cd cabin && cargo build --release
-      - name: Install cabin
-        run: cd cabin && cargo install --path . --root="/usr" && cd ..
-      # SETUP BUILD USER
-      - name: Setup build user
-        run: adduser -D builder
-      - name: Add build user to abuild group
-        run: adduser builder abuild
-      - name: Make sure the builddir is writetable
-        run: chown -R builder .
-      - name: Setup doas
-        run: echo permit nopass :wheel > /etc/doas.d/abuild.conf
-      # RUN CABIN
-      - name: Index repo
-        run: cabin scan
-      - name: Build app packages
-        run: doas -u builder cabin build-all -v
-      # PUBLISH ARTIFACTS
-      - name: Install publishing utils
-        run: apk add rsync
-      - name: Publish Artifacts
-        run: >
-          RSYNC_PASSWORD="${{ secrets.DEPLOY_TOKEN }}"
-          rsync -Irtlzv
-          /home/builder/packages/*
-          rsync://${{ secrets.DEPLOY_TARGET }}

D .forgejo/workflows/check-all.yml => .forgejo/workflows/check-all.yml +0 -17

@@ 1,17 0,0 @@
----
-on: [push]
-jobs:
-  check-all:
-    runs-on: docker
-    container:
-      image: alpine:edge
-
-    steps:
-      - name: Install checkout dependencies
-        run: apk add nodejs git
-      - name: Checkout
-        uses: actions/checkout@v2
-      - name: Install tools
-        run: apk add atools
-      - name: Check all APKBUILDs
-        run: find . -iname 'APKBUILD' | xargs -n 1 apkbuild-lint

M .gitignore => .gitignore +1 -0

@@ 1,3 1,4 @@
+.secrets
 */src
 **/src
 **/**/src

D .woodpecker.yml => .woodpecker.yml +0 -16

@@ 1,16 0,0 @@
-platform: linux/amd64
-
-pipeline:
-  build:
-    image: alpine:edge
-    commands:
-      - apk update
-      - apk add fd bash abuild dateutils
-      - mkdir -p $HOME/.abuild
-      - echo "$PACKAGE_SIGNATURE" > $CI_WORKSPACE/comcloudway@ccw.icu.rsa
-      - echo "PACKAGER_PRIVKEY=$CI_WORKSPACE/comcloudway@ccw.icu.rsa" >> /root/.abuild/abuild.conf
-      - cp "$CI_WORKSPACE/comcloudway@ccw.icu.rsa.pub" /etc/apk/keys/
-      - echo "$HOME/packages" >> /etc/apk/repositories 
-      - export ABUILD_FLAGS="$ABUILD_FLAGS -F"
-      - ./build.sh all
-    secrets: [ package_signature ]