D .build.yml => .build.yml +0 -25
@@ 1,25 0,0 @@
-image: alpine/edge
-repositories:
- ccw.icu: >
- /home/build/packages
- https://git.sr.ht/~comcloudway/ccw-aports/blob/main/comcloudway%40ccw.icu.rsa.pub
- comcloudway@ccw.icu.rsa.pub
-packages:
- - bash
- - fd
- - abuild
- - dateutils
-sources:
- - https://git.sr.ht/~comcloudway/ccw-aports/
-secrets:
- # privkey
- - cb16ed57-2486-4afc-be50-8bbcd3fae405
- # aports pubkey
- - f0aa24db-26a9-4b3d-b379-eee7429fd6f6
-tasks:
- - setup: echo 'PACKAGER_PRIVKEY=$HOME/.abuild/comcloudway@ccw.icu.rsa' >> $HOME/.abuild/abuild.conf
- - build: |
- cd ccw-aports
- ./build.sh repo main
- - package: |
- # TODO: Add task to upload artifacts in current repo
A .builds/001-check-commit.yml => .builds/001-check-commit.yml +11 -0
@@ 0,0 1,11 @@
+image: alpine/edge
+packages:
+ - atools
+tasks:
+ - prepare: |
+ touch ~/pkglist
+ if [ ! "$GIT_REF" = "" ] && [ ! "$(echo $GIT_REF | cut -d'/' -f'2')" = "tags" ]; then
+ git diff --name-only $GIT_REF~ $GIT_REF | grep APKBUILD | cut -d'/' -f 2 > ~/pkglist
+ fi
+ - check: |
+ cat ~/pkglist | xargs -n 1 apkbuild-lint
A .builds/002-build-commit.yml => .builds/002-build-commit.yml +78 -0
@@ 0,0 1,78 @@
+image: alpine/edge
+repositories:
+ ccw.icu: >
+ /home/build/packages
+ https://git.hut.ccw.icu/~comcloudway/ccw-aports/blob/main/comcloudway%40ccw.icu.rsa.pub
+ comcloudway@ccw.icu.rsa.pub
+packages:
+ # prepare dependency
+ - git
+ # setup dependency
+ - cargo
+ # build dependency
+ - abuild
+ - abuild-rootbld
+ - qemu
+ - qemu-openrc
+ - qemu-x86_64
+ # upload dependency
+ - rsync
+environment:
+ targets:
+ - x86_64
+ builddir: ccw-aports
+ mirror: ""
+sources:
+ - https://git.hut.ccw.icu/~comcloudway/ccw-aports
+ - https://git.hut.ccw.icu/~comcloudway/cabin
+secrets:
+ # aports privkey
+ - 6e441cad-ff1f-4ac9-877f-76164952afb6
+ # aports pubkey
+ - 2314bda9-af3f-40f7-99cf-330595ad006f
+ # file containing rsync password.
+ # format: RSYNC_PASSWORD="<yourpassword>"
+ - c092726a-e17c-4498-adbf-90cd4771b5eb
+tasks:
+ - prepare: |
+ cd $builddir
+ # detect changed packages
+ # build all if undetected
+ if [ ! "$GIT_REF" = "" ] && [ ! "$(echo $GIT_REF | cut -d'/' -f'2')" = "tags" ]; then
+ git diff --name-only $GIT_REF~ $GIT_REF | grep APKBUILD | cut -d'/' -f 2 > ~/pkglist
+ # configure keypath
+ echo 'PACKAGER_PRIVKEY=$HOME/.abuild/comcloudway@ccw.icu.rsa' >> $HOME/.abuild/abuild.conf
+ # start binfmt service for userspace emulation
+ # required by abuild-rootbld
+ rc-service qemu-binfmt start
+ fi
+ - setup: |
+ if [ -f ~/pkglist ]; then
+ cd cabin
+ cargo build --release
+ sudo cargo install --path . --root="/usr"
+ fi
+ - index: |
+ if [ -f ~/pkglist ]; then
+ cd $builddir
+ cabin scan
+ fi
+ - build: |
+ if [ -f ~/pkglist ]; then
+ cd $builddir
+ for target in "${targets[@]}"
+ do
+ # cabin build-group will automatically generate a tree and order
+ # in which to build the dependencies
+ cat ~/pkglist | xargs cabin build-group -a $target -v
+ done
+ fi
+ - upload: |
+ if [ -f ~/pkglist ]; then
+ set +x # hide secret
+ set -a # load variable from file even without export
+ source ~/.rsyncpass
+ set +a
+ set -x
+ rsync -Irtlzv /home/builder/packages/* $mirror
+ fi
A .builds/003-check-all.yml => .builds/003-check-all.yml +6 -0
@@ 0,0 1,6 @@
+image: alpine/edge
+packages:
+ - atools
+tasks:
+ - checkall: |
+ find . -type f -iname 'APKBUILD' | xargs -n 1 apkbuild-lint
A .builds/004-build-all.yml => .builds/004-build-all.yml +79 -0
@@ 0,0 1,79 @@
+image: alpine/edge
+repositories:
+ ccw.icu: >
+ /home/build/packages
+ https://git.hut.ccw.icu/~comcloudway/ccw-aports/blob/main/comcloudway%40ccw.icu.rsa.pub
+ comcloudway@ccw.icu.rsa.pub
+packages:
+ # prepare dependency
+ - git
+ # setup dependency
+ - cargo
+ # build dependency
+ - abuild
+ - abuild-rootbld
+ - qemu
+ - qemu-openrc
+ - qemu-x86_64
+ # upload dependency
+ - rsync
+environment:
+ targets:
+ - x86_64
+ builddir: ccw-aports
+ mirror: ""
+sources:
+ - https://git.hut.ccw.icu/~comcloudway/ccw-aports
+ - https://git.hut.ccw.icu/~comcloudway/cabin
+secrets:
+ # aports privkey
+ - 6e441cad-ff1f-4ac9-877f-76164952afb6
+ # aports pubkey
+ - 2314bda9-af3f-40f7-99cf-330595ad006f
+ # file containing rsync password.
+ # format: RSYNC_PASSWORD="<yourpassword>"
+ - c092726a-e17c-4498-adbf-90cd4771b5eb
+tasks:
+ - prepare: |
+ cd $builddir
+ # detect changed packages
+ # build all if undetected
+ if [ ! "$GIT_REF" = "" ] && [ ! "$(echo $GIT_REF | cut -d'/' -f'2')" = "tags" ]; then
+ git diff --name-only $GIT_REF~ $GIT_REF | grep APKBUILD | cut -d'/' -f 2 > ~/pkglist
+ else
+ # configure keypath
+ echo 'PACKAGER_PRIVKEY=$HOME/.abuild/comcloudway@ccw.icu.rsa' >> $HOME/.abuild/abuild.conf
+ # start binfmt service for userspace emulation
+ # required by abuild-rootbld
+ rc-service qemu-binfmt start
+ fi
+ - setup: |
+ if [ ! -f ~/pkglist ]; then
+ cd cabin
+ cargo build --release
+ sudo cargo install --path . --root="/usr"
+ fi
+ - index: |
+ if [ ! -f ~/pkglist ]; then
+ cd $builddir
+ cabin scan
+ fi
+ - build: |
+ cd $builddir
+ for target in "${targets[@]}"
+ do
+ if [ ! -f ~/pkglist ]; then
+ # cabin build-all will automatically generate a tree and order
+ # in which to build the dependencies
+ cabin build-all -a $target -v
+ fi
+ done
+ - upload: |
+ if [ ! -f ~/pkglist ]; then
+ set +x # hide secret
+ set -a # load variable from file even without export
+ source ~/.rsyncpass
+ set +a
+ set -x
+ rsync -Irtlzv /home/builder/packages/* $mirror
+ fi
D .forgejo/workflows/build-all.yml => .forgejo/workflows/build-all.yml +0 -55
@@ 1,55 0,0 @@
----
-on: [push]
-jobs:
- build-all:
- runs-on: docker
- container:
- image: alpine:edge
- steps:
- - name: Install checkout dependencies
- run: apk add nodejs git
- - name: Checkout
- uses: actions/checkout@v2
- # SETUP BUILD TOOLS
- - name: Install tools
- run: apk add abuild abuild-rootbld doas cargo
- - name: Setup private key
- run: echo "${{ secrets.PRIVKEY }}" > $PWD/comcloudway@ccw.icu.rsa
- - name: Configure abuild
- run: >
- echo PACKAGER_PRIVKEY="$PWD/comcloudway@ccw.icu.rsa"
- > /etc/abuild.conf
- - name: Add public key to trusted keys
- run: cp comcloudway@ccw.icu.rsa.pub /etc/apk/keys
- - name: Add custom repo to system repos
- run: echo "/home/builder/packages" >> /etc/apk/repositories
- # BUILD CABIN Util
- - name: Fetch cabin
- run: git clone https://codeberg.org/comcloudway/cabin
- - name: Build cabin
- run: cd cabin && cargo build --release
- - name: Install cabin
- run: cd cabin && cargo install --path . --root="/usr" && cd ..
- # SETUP BUILD USER
- - name: Setup build user
- run: adduser -D builder
- - name: Add build user to abuild group
- run: adduser builder abuild
- - name: Make sure the builddir is writetable
- run: chown -R builder .
- - name: Setup doas
- run: echo permit nopass :wheel > /etc/doas.d/abuild.conf
- # RUN CABIN
- - name: Index repo
- run: cabin scan
- - name: Build app packages
- run: doas -u builder cabin build-all -v
- # PUBLISH ARTIFACTS
- - name: Install publishing utils
- run: apk add rsync
- - name: Publish Artifacts
- run: >
- RSYNC_PASSWORD="${{ secrets.DEPLOY_TOKEN }}"
- rsync -Irtlzv
- /home/builder/packages/*
- rsync://${{ secrets.DEPLOY_TARGET }}
D .forgejo/workflows/check-all.yml => .forgejo/workflows/check-all.yml +0 -17
@@ 1,17 0,0 @@
----
-on: [push]
-jobs:
- check-all:
- runs-on: docker
- container:
- image: alpine:edge
-
- steps:
- - name: Install checkout dependencies
- run: apk add nodejs git
- - name: Checkout
- uses: actions/checkout@v2
- - name: Install tools
- run: apk add atools
- - name: Check all APKBUILDs
- run: find . -iname 'APKBUILD' | xargs -n 1 apkbuild-lint
M .gitignore => .gitignore +1 -0
@@ 1,3 1,4 @@
+.secrets
*/src
**/src
**/**/src
D .woodpecker.yml => .woodpecker.yml +0 -16
@@ 1,16 0,0 @@
-platform: linux/amd64
-
-pipeline:
- build:
- image: alpine:edge
- commands:
- - apk update
- - apk add fd bash abuild dateutils
- - mkdir -p $HOME/.abuild
- - echo "$PACKAGE_SIGNATURE" > $CI_WORKSPACE/comcloudway@ccw.icu.rsa
- - echo "PACKAGER_PRIVKEY=$CI_WORKSPACE/comcloudway@ccw.icu.rsa" >> /root/.abuild/abuild.conf
- - cp "$CI_WORKSPACE/comcloudway@ccw.icu.rsa.pub" /etc/apk/keys/
- - echo "$HOME/packages" >> /etc/apk/repositories
- - export ABUILD_FLAGS="$ABUILD_FLAGS -F"
- - ./build.sh all
- secrets: [ package_signature ]