Move lock guards to protect deleting basically to satisfy AI. It is … #156
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build-native-packages-signed-aarch64 | |
| on: | |
| push: | |
| branches: [ master ] | |
| permissions: | |
| contents: write | |
| env: | |
| GPG_KEY_ID: ${{ secrets.ZMREPO_GPG_KEY_ID }} | |
| GPG_PASSPHRASE: ${{ secrets.ZMREPO_GPG_PASSPHRASE }} | |
| GPG_PRIVATE_KEY_B64: ${{ secrets.ZMREPO_GPG_PRIVATE_KEY_B64 }} | |
| DEBEMAIL: "[email protected]" | |
| DEBFULLNAME: "Github CI" | |
| TZ: America/New_York | |
| DEBIAN_FRONTEND: noninteractive | |
| DEBSIGN_KEYID: ${{ secrets.ZMREPO_GPG_KEY_ID }} | |
| SMPFLAGS: -j10 | |
| jobs: | |
| build-debian: | |
| name: Build & sign .deb (${{ matrix.distro }}) | |
| if: github.repository == 'ZoneMinder/zoneminder' | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| distro: ["debian:sid", "debian:13", "debian:12", "ubuntu:25.10", "ubuntu:devel", "ubuntu:24.04", "ubuntu:22.04"] | |
| runs-on: self-hosted | |
| container: | |
| image: ${{ matrix.distro }} | |
| steps: | |
| - name: Prep apt | |
| run: | | |
| set -eux | |
| echo "Acquire::HTTP::Proxy \"http://192.168.9.128:3142\";" > /etc/apt/apt.conf.d/01proxy | |
| if grep -q '^deb http' /etc/apt/sources.list && ! grep -q '^deb-src'\ | |
| /etc/apt/sources.list; then | |
| sed -n 's/^deb /deb-src /p' /etc/apt/sources.list >> \ | |
| /etc/apt/sources.list | |
| fi | |
| if [ -f /etc/apt/sources.list.d/debian.sources ]; then | |
| sed -i 's/^Types: deb$/Types: deb deb-src/g' \ | |
| /etc/apt/sources.list.d/debian.sources | |
| fi | |
| if [ -f /etc/apt/sources.list.d/ubuntu.sources ]; then | |
| sed -i 's/^Types: deb$/Types: deb deb-src/g' \ | |
| /etc/apt/sources.list.d/ubuntu.sources | |
| fi | |
| apt-get update | |
| - name: Install build tools | |
| run: | | |
| set -eux | |
| apt install -y --no-install-recommends \ | |
| git ca-certificates gnupg lsb-release \ | |
| build-essential devscripts debhelper equivs fakeroot \ | |
| cmake pkg-config ccache curl bash rsync openssh-client | |
| apt install -y debhelper sphinx-doc dh-linktree dh-apache2 cmake \ | |
| libavcodec-dev libavdevice-dev libavformat-dev libavutil-dev \ | |
| libswresample-dev libswscale-dev libbz2-dev \ | |
| libturbojpeg0-dev default-libmysqlclient-dev \ | |
| libpolkit-gobject-1-dev libv4l-dev libvlc-dev libssl-dev \ | |
| libvncserver-dev libjwt-gnutls-dev libgsoap-dev gsoap \ | |
| libmosquittopp-dev | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| - name: Import GPG key | |
| uses: crazy-max/ghaction-import-gpg@v6 | |
| with: | |
| gpg_private_key: ${{ secrets.ZMREPO_GPG_PRIVATE_KEY }} | |
| passphrase: ${{ secrets.ZMREPO_GPG_PASSPHRASE }} | |
| git_user_signingkey: false | |
| git_commit_gpgsign: false | |
| - name: Install build-deps from debian/control | |
| run: | | |
| set -eux | |
| ln -sf distros/ubuntu2004 debian | |
| mk-build-deps -ir -t "apt-get -y --no-install-recommends" \ | |
| debian/control | |
| - name: Build (signed) | |
| env: | |
| DEB_BUILD_OPTIONS: "parallel=$(nproc)" | |
| # gpg picks passphrase from environment via loopback | |
| run: | | |
| cd ../ | |
| ln -sf zoneminder ZoneMinder_ZoneMinder.git | |
| # Needed because we are running as root | |
| git config --global --add safe.directory /__w/zoneminder/zoneminder | |
| git config --global --add safe.directory /__w/zoneminder/ZoneMinder_ZoneMinder.git/.git | |
| #git submodule init | |
| #git submodule update --init --recursive | |
| curl -s -o do_debian_package.sh https://raw.githubusercontent.com/ZoneMinder/zoneminder/refs/heads/master/utils/do_debian_package.sh | |
| chmod +x do_debian_package.sh | |
| # Tell gpg to use loopback + passphrase | |
| export GPG_TTY=$(tty || true) | |
| ls -l /bin/bash | |
| ./do_debian_package.sh -s=CURRENT -t=binary | |
| - name: Cleanup | |
| run: | | |
| rm -rf *_zoneminder_release *.build | |
| - name: Collect .deb artifacts (incl. signed metadata & public key) | |
| run: | | |
| set -eux | |
| mkdir -p artifacts/deb | |
| mv ../*.deb ../*.buildinfo ../*.changes ../*.dsc ../*.tar.xz ../*.tar.gz artifacts/deb/ || true | |
| # quick verify signatures (non-fatal) | |
| gpg --verify artifacts/deb/*.changes || true | |
| gpg --verify artifacts/deb/*.buildinfo || true | |
| - name: Sanitize Artifact name | |
| id: prep_artifact_name | |
| run: | | |
| # Use `sed` to replace invalid characters with a hyphen | |
| sanitized_distro_name=$(echo -n "${{ matrix.distro }}" | sed -e 's/[;\\\/:<>"|*?]/_/g' -e 's/__*/_/g') | |
| echo "artifact_name=binary-${sanitized_distro_name}" >> $GITHUB_ENV | |
| - name: Upload .deb artifacts | |
| uses: actions/upload-artifact@v6 | |
| with: | |
| path: artifacts/deb | |
| name: ${{ env.artifact_name }} | |
| - name: Publish to ZMREPO | |
| uses: easingthemes/ssh-deploy@main | |
| env: | |
| SSH_PRIVATE_KEY: ${{ secrets.ZMREPO_SSH_KEY }} | |
| ARGS: "-rltgoDzvO" | |
| SOURCE: artifacts/deb/ | |
| REMOTE_HOST: ${{ secrets.ZMREPO_HOST }} | |
| REMOTE_USER: ${{ secrets.ZMREPO_SSH_USER }} | |
| TARGET: debian/master/mini-dinstall/incoming/ | |
| release: | |
| name: Create GitHub Release (on tag) | |
| needs: build-debian | |
| if: github.repository == 'ZoneMinder/zoneminder' && startsWith(github.ref, 'refs/tags/') | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Download artifacts | |
| uses: actions/download-artifact@v7 | |
| with: | |
| path: dist | |
| - name: Create release | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| files: dist/**/* |