Skip to content

Commit 556e546

Browse files
akhilmhdhakhilmhdh
committed
feat: resolved pipelien failing to upload rpm
1 parent 9595917 commit 556e546

File tree

2 files changed

+39
-29
lines changed

2 files changed

+39
-29
lines changed

.github/workflows/release-package-deb.yml

Lines changed: 6 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -88,12 +88,11 @@ jobs:
8888
sudo apt-get update
8989
sudo apt-get install -y rpm
9090
91-
# - name: Install rpmrepo-update
92-
# run: |
93-
# curl -L https://github.com/e2llm/rpmrepo-update/releases/latest/download/rpmrepo-update-linux-amd64 -o rpmrepo-update
94-
# chmod +x rpmrepo-update
95-
# sudo mv rpmrepo-update /usr/local/bin/
96-
- run: pip install --upgrade cloudsmith-cli
91+
- name: Install repogen
92+
run: |
93+
curl -L https://github.com/ralt/repogen/releases/latest/download/repogen-linux-amd64 -o repogen
94+
chmod +x repogen
95+
sudo mv repogen /usr/local/bin/
9796
9897
- name: Install AWS CLI
9998
run: |
@@ -110,10 +109,10 @@ jobs:
110109
env:
111110
INFISICAL_BINARY_S3_BUCKET: ${{ secrets.INFISICAL_BINARY_S3_BUCKET }}
112111
GPG_SIGNING_KEY_ID: ${{ secrets.GPG_SIGNING_KEY_ID }}
112+
GPG_SIGNING_KEY_PASSPHRASE: ${{ secrets.GPG_SIGNING_KEY_PASSPHRASE }}
113113
AWS_ACCESS_KEY_ID: ${{ secrets.INFISICAL_BINARY_REPO_AWS_ACCESS_KEY_ID }}
114114
AWS_SECRET_ACCESS_KEY: ${{ secrets.INFISICAL_BINARY_REPO_AWS_SECRET_ACCESS_KEY }}
115115
CLOUDFRONT_DISTRIBUTION_ID: ${{ secrets.INFISICAL_BINARY_REPO_CLOUDFRONT_DISTRIBUTION_ID }}
116-
CLOUDSMITH_API_KEY: ${{ secrets.CLOUDSMITH_API_KEY }}
117116

118117
create-github-release:
119118
name: Create GitHub Release

upload_to_s3.sh

Lines changed: 33 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -5,34 +5,45 @@ for i in *.deb; do
55
deb-s3 upload --bucket=$INFISICAL_BINARY_S3_BUCKET --prefix=deb --visibility=private --sign=$GPG_SIGNING_KEY_ID --preserve-versions $i
66
done
77

8-
# for i in *.rpm; do
9-
# [ -f "$i" ] || break
10-
#
11-
# # strip out .amazon2023 suffix if present
12-
# new_name=$(echo "$i" | sed 's/.amazon2023//g')
13-
# if [ "$i" != "$new_name" ]; then
14-
# mv "$i" "$new_name"
15-
# fi
16-
#
17-
# #sign the rpm package
18-
# rpmsign --addsign --key-id="$GPG_SIGNING_KEY_ID" "$new_name"
19-
#
20-
# aws s3 cp "$new_name" "s3://$INFISICAL_BINARY_S3_BUCKET/dummy/rpm/Packages/"
21-
# done
22-
238
for i in *.rpm; do
249
[ -f "$i" ] || break
25-
# stripe of amazon2023
10+
11+
# strip out .amazon2023 suffix if present
2612
new_name=$(echo "$i" | sed 's/.amazon2023//g')
27-
# rename
2813
if [ "$i" != "$new_name" ]; then
2914
mv "$i" "$new_name"
3015
fi
3116

32-
cloudsmith push rpm --republish infisical/infisical-core/any-distro/any-version "$new_name"
17+
# sign the rpm package
18+
rpmsign --addsign --key-id="$GPG_SIGNING_KEY_ID" "$new_name"
19+
20+
# upload signed package to S3
21+
aws s3 cp "$new_name" "s3://$INFISICAL_BINARY_S3_BUCKET/rpm/Packages/"
3322
done
3423

35-
# regenerate RPM repository metadata with rpmrepo-update
36-
# if ls *.rpm 1> /dev/null 2>&1; then
37-
# rpmrepo-update --backend s3 --repo-root s3://$INFISICAL_BINARY_S3_BUCKET/dummy/rpm --s3-region us-east-1 --sign-repodata --gpg-key "$GPG_SIGNING_KEY_ID" add *.rpm
38-
# fi
24+
# regenerate RPM repository metadata with repogen
25+
if ls *.rpm 1> /dev/null 2>&1; then
26+
REPO_VERSION="40"
27+
REPO_ARCH="x86_64"
28+
29+
# map S3 flat repodata into the versioned structure repogen expects
30+
mkdir -p "repo/${REPO_VERSION}/${REPO_ARCH}/repodata"
31+
aws s3 sync "s3://$INFISICAL_BINARY_S3_BUCKET/rpm/repodata" "repo/${REPO_VERSION}/${REPO_ARCH}/repodata" --delete
32+
33+
# export GPG private key for repogen
34+
GPG_KEY_FILE=$(mktemp)
35+
gpg --batch --pinentry-mode loopback --export-secret-keys --armor "$GPG_SIGNING_KEY_ID" > "$GPG_KEY_FILE"
36+
37+
# generate repo metadata incrementally
38+
repogen generate \
39+
--input-dir . \
40+
--output-dir repo \
41+
--incremental \
42+
--gpg-key "$GPG_KEY_FILE" \
43+
--gpg-passphrase "$GPG_SIGNING_KEY_PASSPHRASE"
44+
45+
rm -f "$GPG_KEY_FILE"
46+
47+
# sync the generated repodata back to the flat S3 structure
48+
aws s3 sync "repo/${REPO_VERSION}/${REPO_ARCH}/repodata" "s3://$INFISICAL_BINARY_S3_BUCKET/rpm/repodata"
49+
fi

0 commit comments

Comments
 (0)