forked from nginx/agent
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathMakefile.packaging
More file actions
178 lines (161 loc) · 7.23 KB
/
Makefile.packaging
File metadata and controls
178 lines (161 loc) · 7.23 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
#!/usr/bin/make -f
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# Variable Definitions #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
PACKAGES_DIR := ./build/packages
GITHUB_PACKAGES_DIR := ./build/github/packages
AZURE_PACKAGES_DIR := ./build/azure/packages
BINARY_PATH := $(BUILD_DIR)/$(BINARY_NAME)
GPG_PUBLIC_KEY := .key
PACKAGE_BUILD ?= 1
PACKAGE_VERSION ?= $(shell echo ${VERSION} | tr -d 'v')
TARBALL_NAME := $(PACKAGE_PREFIX).tar.gz
DEB_DISTROS ?= ubuntu-questing-25.10 ubuntu-plucky-25.04 ubuntu-noble-24.04 ubuntu-jammy-22.04 ubuntu-focal-20.04 debian-trixie-13 debian-bookworm-12 debian-bullseye-11
DEB_ARCHS ?= arm64 amd64
RPM_DISTROS ?= suse-15-x86_64 suse-16-x86_64
RPM_ARCH := x86_64
REDHAT_VERSIONS ?= redhatenterprise-8 redhatenterprise-9 redhatenterprise-10
REDHAT_ARCHS ?= aarch64 x86_64
APK_VERSIONS ?= 3.20 3.21 3.22
APK_ARCHS ?= aarch64 x86_64
APK_REVISION ?= 1
AMAZON_VERSIONS ?= amazon-2 amazon-2023
AMAZON_ARCHS ?= aarch64 x86_64
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# Release Packaging #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
.PHONY: clean-packages
clean-packages:
rm -rf $(PACKAGES_DIR)
$(PACKAGES_DIR):
@mkdir -p $(PACKAGES_DIR)/deb && mkdir -p $(PACKAGES_DIR)/rpm && mkdir -p $(PACKAGES_DIR)/apk
.PHONY: package
package: gpg-key $(PACKAGES_DIR) #### Create final packages for all supported distros
# Build binaries for all supported architectures
@for arch in $(DEB_ARCHS); do \
mkdir -p $(BUILD_DIR)/$${arch}; \
cp .nfpm.yaml .nfpm.$${arch}.yaml; \
sed -i.bak "s/\^ARCH\^/$${arch}/g" ".nfpm.$${arch}.yaml"; \
sed -i.bak "s/\^BUILD_PATH\^/\.\/build\/$${arch}/g" ".nfpm.$${arch}.yaml"; \
echo "Building linux/$${arch}"; \
start_time=$$(date +%s); \
GOWORK=off CGO_ENABLED=0 GOARCH=$${arch} GOOS=linux \
go build -pgo=auto -ldflags=${LDFLAGS} \
-o $(BUILD_DIR)/$${arch}/$(BINARY_NAME) \
$(PROJECT_DIR)/$(PROJECT_FILE); \
end_time=$$(date +%s); \
rm -f .nfpm.$${arch}.yaml.bak; \
sha256sum build/$${arch}/nginx-agent | awk '{print $$1}' > $(BUILD_DIR)/$${arch}/$(BINARY_NAME).sha256; \
echo $${start_time} > $(BUILD_DIR)/$${arch}/$(BINARY_NAME).buildstart; \
echo $${end_time} > $(BUILD_DIR)/$${arch}/$(BINARY_NAME).buildend; \
echo "Built binary:"; \
ls -la "$(BUILD_DIR)/$${arch}/$(BINARY_NAME)"; \
cat $(BUILD_DIR)/$${arch}/$(BINARY_NAME).sha256; \
echo "Built took "$$((end_time - start_time))" seconds"; \
done; \
# Create deb packages
@for arch in $(DEB_ARCHS); do \
for distro in $(DEB_DISTROS); do \
deb_codename=`echo $${distro} | cut -d- -f 2`; \
VERSION=$(PACKAGE_VERSION)~$${deb_codename} \
nfpm pkg --config .nfpm.$${arch}.yaml \
--packager deb \
--target ${PACKAGES_DIR}/deb/${PACKAGE_PREFIX}_$(PACKAGE_VERSION)~$${deb_codename}_$${arch}.deb; \
done; \
done; \
# Create rpm packages
@for distro in $(RPM_DISTROS); do \
rpm_distro=`echo $$distro | cut -d- -f 1`; \
rpm_major=`echo $$distro | cut -d- -f 2`; \
rpm_codename='na'; \
if [ "$$rpm_distro" = "suse" ]; then rpm_codename="sles$$rpm_major"; \
fi; \
if [ "$$rpm_codename" != "na" ]; then \
VERSION=$(PACKAGE_VERSION) ARCH=amd64 \
nfpm pkg --config .nfpm.amd64.yaml \
--packager rpm \
--target $(PACKAGES_DIR)/rpm/${PACKAGE_PREFIX}-$(PACKAGE_VERSION).$${rpm_codename}.ngx.${RPM_ARCH}.rpm; \
fi; \
done; \
# Create redhat rpm packages
@for arch in $(REDHAT_ARCHS); do \
goarch=amd64; \
if [ "$$arch" = "aarch64" ]; then goarch="arm64"; fi; \
for distro in $(REDHAT_VERSIONS); do \
rpm_distro=`echo $$distro | cut -d- -f 1`; \
rpm_major=`echo $$distro | cut -d- -f 2`; \
rpm_codename="el$$rpm_major"; \
VERSION=$(PACKAGE_VERSION) ARCH=$${arch} \
nfpm pkg --config .nfpm.$${goarch}.yaml \
--packager rpm \
--target $(PACKAGES_DIR)/rpm/${PACKAGE_PREFIX}-$(PACKAGE_VERSION).$${rpm_codename}.ngx.$${arch}.rpm; \
done; \
done; \
# Create amazon rpm packages
@for arch in $(AMAZON_ARCHS); do \
goarch=amd64; \
if [ "$$arch" = "aarch64" ]; then goarch="arm64"; fi; \
for version in $(AMAZON_VERSIONS); do \
rpm_major=`echo $$version | cut -d- -f 2`; \
rpm_codename="amzn$$rpm_major";\
VERSION=$(PACKAGE_VERSION) ARCH=$${arch} \
nfpm pkg --config .nfpm.$$goarch.yaml \
--packager rpm \
--target $(PACKAGES_DIR)/rpm/${PACKAGE_PREFIX}-$(PACKAGE_VERSION).$${rpm_codename}.ngx.$${arch}.rpm; \
done; \
done; \
# Create apk packages
@for arch in $(APK_ARCHS); do \
goarch=amd64; \
if [ "$$arch" = "aarch64" ]; then goarch="arm64"; fi; \
for version in $(APK_VERSIONS); do \
if [ ! -d "$(PACKAGES_DIR)/apk/v$${version}/$${arch}" ]; then mkdir -p $(PACKAGES_DIR)/apk/v$${version}/$${arch}; fi; \
VERSION=$(PACKAGE_VERSION) ARCH=$${arch} \
nfpm pkg --config .nfpm.$$goarch.yaml \
--packager apk \
--target $(PACKAGES_DIR)/apk/v$${version}/$${arch}/${PACKAGE_PREFIX}-$(PACKAGE_VERSION).apk; \
done; \
done;
# Package build complete
@echo "DEB packages:"; \
find $(PACKAGES_DIR)/deb -type f | grep -E "${BINARY_NAME}[-_]${PACKAGE_VERSION}" | sort;
@echo "RPM packages:"; \
find $(PACKAGES_DIR)/rpm -type f | grep -E "${BINARY_NAME}[-_]${PACKAGE_VERSION}" | sort;
@echo "APK packages:"; \
find $(PACKAGES_DIR)/apk -type f | grep -E "${BINARY_NAME}[-_]${PACKAGE_VERSION}" | sort;
# Clean up temporary nfpm config files
@for arch in $(DEB_ARCHS); do \
rm -f .nfpm.$$arch.yaml; \
done; \
# Create tarball containing all packages
@echo "Creating tarball: $(TARBALL_NAME)"; \
rm -f $(PACKAGES_DIR)/$(TARBALL_NAME); \
cd $(PACKAGES_DIR); \
tar -czvf "./$(TARBALL_NAME)" *; \
cd ../.. \
ls -la $(PACKAGES_DIR)/$(TARBALL_NAME);
.PHONY: gpg-key
gpg-key: ## Generate GPG public key
@if [ -z "$(NFPM_SIGNING_KEY_FILE)" ]; then \
echo "NFPM_SIGNING_KEY_FILE is not set. Exiting..."; \
exit 1; \
fi
@echo "Generating GPG public key for package signing...";
@$$(gpg --import $(NFPM_SIGNING_KEY_FILE)); \
keyid=$$(gpg --list-keys NGINX | egrep -A1 "^pub" | egrep -v "^pub" | tr -d '[:space:]'); \
if [ -z "$$keyid" ]; then echo "Error: GPG key not found."; exit 1; fi; \
# Check if the key is expired \
# Look for the 'e' (expired) flag in the 'pub' or 'uid' lines \
if gpg --list-keys --with-colons "$$keyid" | grep -E '^pub:e:|^uid:e:'; then \
echo "Error: GPG key has expired."; \
exit 1; \
fi; \
expiry=1y; \
$$(gpg --quick-set-expire $$keyid $$expiry '*'); \
# we need to convert the private gpg key to rsa pem format for pkg signing \
$$(gpg --export-secret-key $$keyid | openpgp2ssh $$keyid > .key.rsa); \
$$(gpg --output $(GPG_PUBLIC_KEY) --armor --export)
.PHONY: release
release: ## Publish tarball to the UPLOAD_URL
echo "Publishing nginx-agent packages to ${UPLOAD_URL}"; \
curl -XPOST --fail -F "file=@$(PACKAGES_DIR)/$(TARBALL_NAME)" -H "Token: ${TOKEN}" ${UPLOAD_URL}; \