From 100220bc6085cc69ecc612e83c89d1713ee9bdbd Mon Sep 17 00:00:00 2001 From: Jakob Meier Date: Tue, 7 Nov 2023 21:07:33 +0100 Subject: [PATCH] Migrated to sourcehut CI: stage 1 --- .build.yml | 25 ---------- .builds/001-check-commit.yml | 11 +++++ .builds/002-build-commit.yml | 78 +++++++++++++++++++++++++++++++ .builds/003-check-all.yml | 6 +++ .builds/004-build-all.yml | 79 ++++++++++++++++++++++++++++++++ .forgejo/workflows/build-all.yml | 55 ---------------------- .forgejo/workflows/check-all.yml | 17 ------- .gitignore | 1 + .woodpecker.yml | 16 ------- 9 files changed, 175 insertions(+), 113 deletions(-) delete mode 100644 .build.yml create mode 100644 .builds/001-check-commit.yml create mode 100644 .builds/002-build-commit.yml create mode 100644 .builds/003-check-all.yml create mode 100644 .builds/004-build-all.yml delete mode 100644 .forgejo/workflows/build-all.yml delete mode 100644 .forgejo/workflows/check-all.yml delete mode 100644 .woodpecker.yml diff --git a/.build.yml b/.build.yml deleted file mode 100644 index df4967b..0000000 --- a/.build.yml +++ /dev/null @@ -1,25 +0,0 @@ -image: alpine/edge -repositories: - ccw.icu: > - /home/build/packages - https://git.sr.ht/~comcloudway/ccw-aports/blob/main/comcloudway%40ccw.icu.rsa.pub - comcloudway@ccw.icu.rsa.pub -packages: - - bash - - fd - - abuild - - dateutils -sources: - - https://git.sr.ht/~comcloudway/ccw-aports/ -secrets: - # privkey - - cb16ed57-2486-4afc-be50-8bbcd3fae405 - # aports pubkey - - f0aa24db-26a9-4b3d-b379-eee7429fd6f6 -tasks: - - setup: echo 'PACKAGER_PRIVKEY=$HOME/.abuild/comcloudway@ccw.icu.rsa' >> $HOME/.abuild/abuild.conf - - build: | - cd ccw-aports - ./build.sh repo main - - package: | - # TODO: Add task to upload artifacts in current repo diff --git a/.builds/001-check-commit.yml b/.builds/001-check-commit.yml new file mode 100644 index 0000000..d3562bb --- /dev/null +++ b/.builds/001-check-commit.yml @@ -0,0 +1,11 @@ +image: alpine/edge +packages: + - atools +tasks: + - prepare: | + touch ~/pkglist + if [ ! "$GIT_REF" = "" ] && [ ! "$(echo $GIT_REF | cut -d'/' -f'2')" = "tags" ]; then + git diff --name-only $GIT_REF~ $GIT_REF | grep APKBUILD | cut -d'/' -f 2 > ~/pkglist + fi + - check: | + cat ~/pkglist | xargs -n 1 apkbuild-lint diff --git a/.builds/002-build-commit.yml b/.builds/002-build-commit.yml new file mode 100644 index 0000000..a4220b6 --- /dev/null +++ b/.builds/002-build-commit.yml @@ -0,0 +1,78 @@ +image: alpine/edge +repositories: + ccw.icu: > + /home/build/packages + https://git.hut.ccw.icu/~comcloudway/ccw-aports/blob/main/comcloudway%40ccw.icu.rsa.pub + comcloudway@ccw.icu.rsa.pub +packages: + # prepare dependency + - git + # setup dependency + - cargo + # build dependency + - abuild + - abuild-rootbld + - qemu + - qemu-openrc + - qemu-x86_64 + # upload dependency + - rsync +environment: + targets: + - x86_64 + builddir: ccw-aports + mirror: "" +sources: + - https://git.hut.ccw.icu/~comcloudway/ccw-aports + - https://git.hut.ccw.icu/~comcloudway/cabin +secrets: + # aports privkey + - 6e441cad-ff1f-4ac9-877f-76164952afb6 + # aports pubkey + - 2314bda9-af3f-40f7-99cf-330595ad006f + # file containing rsync password. + # format: RSYNC_PASSWORD="" + - c092726a-e17c-4498-adbf-90cd4771b5eb +tasks: + - prepare: | + cd $builddir + # detect changed packages + # build all if undetected + if [ ! "$GIT_REF" = "" ] && [ ! "$(echo $GIT_REF | cut -d'/' -f'2')" = "tags" ]; then + git diff --name-only $GIT_REF~ $GIT_REF | grep APKBUILD | cut -d'/' -f 2 > ~/pkglist + # configure keypath + echo 'PACKAGER_PRIVKEY=$HOME/.abuild/comcloudway@ccw.icu.rsa' >> $HOME/.abuild/abuild.conf + # start binfmt service for userspace emulation + # required by abuild-rootbld + rc-service qemu-binfmt start + fi + - setup: | + if [ -f ~/pkglist ]; then + cd cabin + cargo build --release + sudo cargo install --path . --root="/usr" + fi + - index: | + if [ -f ~/pkglist ]; then + cd $builddir + cabin scan + fi + - build: | + if [ -f ~/pkglist ]; then + cd $builddir + for target in "${targets[@]}" + do + # cabin build-group will automatically generate a tree and order + # in which to build the dependencies + cat ~/pkglist | xargs cabin build-group -a $target -v + done + fi + - upload: | + if [ -f ~/pkglist ]; then + set +x # hide secret + set -a # load variable from file even without export + source ~/.rsyncpass + set +a + set -x + rsync -Irtlzv /home/builder/packages/* $mirror + fi diff --git a/.builds/003-check-all.yml b/.builds/003-check-all.yml new file mode 100644 index 0000000..2642d74 --- /dev/null +++ b/.builds/003-check-all.yml @@ -0,0 +1,6 @@ +image: alpine/edge +packages: + - atools +tasks: + - checkall: | + find . -type f -iname 'APKBUILD' | xargs -n 1 apkbuild-lint diff --git a/.builds/004-build-all.yml b/.builds/004-build-all.yml new file mode 100644 index 0000000..d811f19 --- /dev/null +++ b/.builds/004-build-all.yml @@ -0,0 +1,79 @@ +image: alpine/edge +repositories: + ccw.icu: > + /home/build/packages + https://git.hut.ccw.icu/~comcloudway/ccw-aports/blob/main/comcloudway%40ccw.icu.rsa.pub + comcloudway@ccw.icu.rsa.pub +packages: + # prepare dependency + - git + # setup dependency + - cargo + # build dependency + - abuild + - abuild-rootbld + - qemu + - qemu-openrc + - qemu-x86_64 + # upload dependency + - rsync +environment: + targets: + - x86_64 + builddir: ccw-aports + mirror: "" +sources: + - https://git.hut.ccw.icu/~comcloudway/ccw-aports + - https://git.hut.ccw.icu/~comcloudway/cabin +secrets: + # aports privkey + - 6e441cad-ff1f-4ac9-877f-76164952afb6 + # aports pubkey + - 2314bda9-af3f-40f7-99cf-330595ad006f + # file containing rsync password. + # format: RSYNC_PASSWORD="" + - c092726a-e17c-4498-adbf-90cd4771b5eb +tasks: + - prepare: | + cd $builddir + # detect changed packages + # build all if undetected + if [ ! "$GIT_REF" = "" ] && [ ! "$(echo $GIT_REF | cut -d'/' -f'2')" = "tags" ]; then + git diff --name-only $GIT_REF~ $GIT_REF | grep APKBUILD | cut -d'/' -f 2 > ~/pkglist + else + # configure keypath + echo 'PACKAGER_PRIVKEY=$HOME/.abuild/comcloudway@ccw.icu.rsa' >> $HOME/.abuild/abuild.conf + # start binfmt service for userspace emulation + # required by abuild-rootbld + rc-service qemu-binfmt start + fi + - setup: | + if [ ! -f ~/pkglist ]; then + cd cabin + cargo build --release + sudo cargo install --path . --root="/usr" + fi + - index: | + if [ ! -f ~/pkglist ]; then + cd $builddir + cabin scan + fi + - build: | + cd $builddir + for target in "${targets[@]}" + do + if [ ! -f ~/pkglist ]; then + # cabin build-all will automatically generate a tree and order + # in which to build the dependencies + cabin build-all -a $target -v + fi + done + - upload: | + if [ ! -f ~/pkglist ]; then + set +x # hide secret + set -a # load variable from file even without export + source ~/.rsyncpass + set +a + set -x + rsync -Irtlzv /home/builder/packages/* $mirror + fi diff --git a/.forgejo/workflows/build-all.yml b/.forgejo/workflows/build-all.yml deleted file mode 100644 index 9f286c7..0000000 --- a/.forgejo/workflows/build-all.yml +++ /dev/null @@ -1,55 +0,0 @@ ---- -on: [push] -jobs: - build-all: - runs-on: docker - container: - image: alpine:edge - steps: - - name: Install checkout dependencies - run: apk add nodejs git - - name: Checkout - uses: actions/checkout@v2 - # SETUP BUILD TOOLS - - name: Install tools - run: apk add abuild abuild-rootbld doas cargo - - name: Setup private key - run: echo "${{ secrets.PRIVKEY }}" > $PWD/comcloudway@ccw.icu.rsa - - name: Configure abuild - run: > - echo PACKAGER_PRIVKEY="$PWD/comcloudway@ccw.icu.rsa" - > /etc/abuild.conf - - name: Add public key to trusted keys - run: cp comcloudway@ccw.icu.rsa.pub /etc/apk/keys - - name: Add custom repo to system repos - run: echo "/home/builder/packages" >> /etc/apk/repositories - # BUILD CABIN Util - - name: Fetch cabin - run: git clone https://codeberg.org/comcloudway/cabin - - name: Build cabin - run: cd cabin && cargo build --release - - name: Install cabin - run: cd cabin && cargo install --path . --root="/usr" && cd .. - # SETUP BUILD USER - - name: Setup build user - run: adduser -D builder - - name: Add build user to abuild group - run: adduser builder abuild - - name: Make sure the builddir is writetable - run: chown -R builder . - - name: Setup doas - run: echo permit nopass :wheel > /etc/doas.d/abuild.conf - # RUN CABIN - - name: Index repo - run: cabin scan - - name: Build app packages - run: doas -u builder cabin build-all -v - # PUBLISH ARTIFACTS - - name: Install publishing utils - run: apk add rsync - - name: Publish Artifacts - run: > - RSYNC_PASSWORD="${{ secrets.DEPLOY_TOKEN }}" - rsync -Irtlzv - /home/builder/packages/* - rsync://${{ secrets.DEPLOY_TARGET }} diff --git a/.forgejo/workflows/check-all.yml b/.forgejo/workflows/check-all.yml deleted file mode 100644 index a3d6ca3..0000000 --- a/.forgejo/workflows/check-all.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -on: [push] -jobs: - check-all: - runs-on: docker - container: - image: alpine:edge - - steps: - - name: Install checkout dependencies - run: apk add nodejs git - - name: Checkout - uses: actions/checkout@v2 - - name: Install tools - run: apk add atools - - name: Check all APKBUILDs - run: find . -iname 'APKBUILD' | xargs -n 1 apkbuild-lint diff --git a/.gitignore b/.gitignore index b4da08c..2505f6f 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ +.secrets */src **/src **/**/src diff --git a/.woodpecker.yml b/.woodpecker.yml deleted file mode 100644 index 56a3511..0000000 --- a/.woodpecker.yml +++ /dev/null @@ -1,16 +0,0 @@ -platform: linux/amd64 - -pipeline: - build: - image: alpine:edge - commands: - - apk update - - apk add fd bash abuild dateutils - - mkdir -p $HOME/.abuild - - echo "$PACKAGE_SIGNATURE" > $CI_WORKSPACE/comcloudway@ccw.icu.rsa - - echo "PACKAGER_PRIVKEY=$CI_WORKSPACE/comcloudway@ccw.icu.rsa" >> /root/.abuild/abuild.conf - - cp "$CI_WORKSPACE/comcloudway@ccw.icu.rsa.pub" /etc/apk/keys/ - - echo "$HOME/packages" >> /etc/apk/repositories - - export ABUILD_FLAGS="$ABUILD_FLAGS -F" - - ./build.sh all - secrets: [ package_signature ] -- 2.38.5