
feat(debian): publish GPG Public Key #62


Workflow file for this run

# Workflow that builds, tests, signs and publishes the Debian package repository.
name: 'Debian Packages'

Check failure on line 1 in .github/workflows/debian.yml


GitHub Actions / .github/workflows/debian.yml

Invalid workflow file

(Line: 186, Col: 24): Unrecognized named-value: 'variables'. Located at position 1 within expression: variables.DEB_PUB_KEY
# Triggered by every push; no branch or tag filter is applied here, so any
# gating has to happen per job (see the `if:` conditions on the jobs below).
on:
  - push
jobs:
debian-build:
  # Builds the Debian packages once per matrix entry (one runner per target
  # architecture) and hands the results to later jobs as artifacts.
  name: Debian Build
  runs-on: ${{ matrix.runner }}
  # NOTE(review): no step visible in this job pushes to a package registry
  # (the image build below sets `push: false`). Confirm that the Makefile
  # needs `packages: write`; otherwise reduce it to keep the token minimal.
  permissions:
    contents: read
    packages: write
  strategy:
    # Let the other architecture finish even if one of them fails.
    fail-fast: false
    matrix:
      include:
        - runner: ubuntu-24.04
          arch: amd64
          packages_allarch: "cartesi-machine-linux-image cartesi-machine-rootfs-image"
        - runner: ubuntu-24.04-arm
          arch: arm64
          packages_allarch: ""
        # - runner: ubuntu-24.04-riscv
        #   arch: riscv64
        #   packages_allarch: ""
  steps:
    # Every third-party action is pinned to a full commit SHA; the trailing
    # comment records the release tag that SHA corresponds to.
    - name: Checkout source code
      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      with:
        submodules: recursive

    - name: Setup up Docker Buildx
      uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0

    # The builder image is loaded into the local Docker daemon only; it is
    # never pushed to a registry from this step.
    - name: Make builder container image
      uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
      with:
        context: debian
        file: debian/Dockerfile
        platforms: linux/${{ matrix.arch }}
        tags: cartesi/deb-builder-${{ matrix.arch }}
        load: true
        push: false
        cache-from: type=gha,scope=${{ matrix.arch }}
        cache-to: type=gha,scope=${{ matrix.arch }},mode=max

    # The key contains the commit SHA, so each commit saves its own cache;
    # `restore-keys` falls back to the newest cache for the same architecture.
    # NOTE(review): whatever is restored into cdn/apt can end up in the
    # repository that the signing job signs. Confirm how `make packages`
    # treats files that already exist there.
    - name: Restore cached packages
      uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
      with:
        path: cdn/apt
        key: apt-packages-${{ matrix.arch }}-${{ github.sha }}
        restore-keys: apt-packages-${{ matrix.arch }}-

    # Both interpolated values come from the matrix defined above, not from
    # event data supplied by the pusher.
    - name: Build packages
      working-directory: debian
      run: make packages TARGET_ARCH=${{ matrix.arch }} PACKAGES_ALLARCH="${{ matrix.packages_allarch }}"

    # The builder image travels to the later jobs as a compressed tarball.
    - name: Export builder container image
      run: docker save cartesi/deb-builder-${{ matrix.arch }} | gzip > /tmp/deb-builder-${{ matrix.arch }}.tar.gz

    - name: Upload builder container image
      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
      with:
        name: image-deb-builder-${{ matrix.arch }}
        path: /tmp/deb-builder-${{ matrix.arch }}.tar.gz

    - name: Upload artifacts
      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
      with:
        name: artifacts-apt-${{ matrix.arch }}
        path: cdn/apt
debian-test:
  # Collects the per-architecture outputs of debian-build on one runner,
  # builds the repository index and runs the package tests for both
  # architectures.
  name: Debian Test
  runs-on: ubuntu-24.04
  needs:
    - debian-build
  # NOTE(review): nothing visible in this job publishes a package. Confirm
  # that `packages: write` is required here, or reduce it.
  permissions:
    contents: read
    packages: write
  steps:
    - name: Checkout source code
      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      with:
        submodules: recursive

    # All artifacts-apt-* artifacts are merged into one cdn/apt/ tree.
    - name: Download apt artifacts
      uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
      with:
        pattern: artifacts-apt-*
        path: cdn/apt/
        merge-multiple: true

    - name: Download builder images
      uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
      with:
        pattern: image-deb-builder-*
        path: /tmp/images

    # Presumably needed so the arm64 builder image can run on this runner.
    - name: Set up QEMU
      uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0

    # Load every downloaded image tarball, wherever it sits below /tmp/images.
    - name: Import builder images
      run: find /tmp/images -name '*.tar.gz' | xargs -I {} docker image load --input {}

    - name: Make index
      working-directory: debian
      run: make index

    - name: Test
      working-directory: debian
      run: |
        make test-packages TARGET_ARCH=amd64
        make test-packages TARGET_ARCH=arm64
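debian-sign:
  # Imports the private GPG key from the `signing` environment, rebuilds the
  # index and signs the apt repository, then uploads the signed tree.
  name: Debian Signing
  runs-on: ubuntu-24.04
  needs: [ debian-build, debian-test ]
  # FIXME: uncomment once the final signing key is in place.
  # While this condition is disabled, a push to any ref reaches this job, so
  # the protection rules of the `signing` environment (if any) are the only
  # gate in front of the key.
  # if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v')
  environment: signing
  # This job handles the signing secret, so its token is restricted to what
  # the checkout needs, in line with the explicit permissions on the build
  # and test jobs. Without this block it inherits the repository default.
  permissions:
    contents: read
  steps:
    - name: Checkout source code
      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      with:
        submodules: recursive

    - name: Download apt artifacts
      uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
      with:
        pattern: artifacts-apt-*
        path: cdn/apt/
        merge-multiple: true

    # Only the amd64 builder image is fetched for signing.
    - name: Download builder images
      uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
      with:
        pattern: image-deb-builder-amd64
        path: /tmp/images

    - name: Import builder images
      run: find /tmp/images -name '*.tar.gz' | xargs -I {} docker image load --input {}

    # The secret reaches the script through an environment variable instead
    # of being interpolated into the script text. It is piped to gpg on
    # stdin and imported into a private (mode 700) homedir under debian/key.
    # That directory is outside `cdn`, the only path uploaded below.
    - name: Import GPG signing key
      working-directory: debian
      env:
        DEB_KEY: ${{ secrets.DEB_KEY }}
      run: |
        mkdir -p key
        chmod 700 key
        echo "$DEB_KEY" | gpg --homedir "$(pwd)/key" --import

    - name: Make index
      working-directory: debian
      run: make index

    # NOTE(review): `make sign` runs repository code (submodules included)
    # while the private key is present in the workspace. Review changes to
    # the debian/ Makefile and the submodules with that in mind.
    - name: Sign repository
      working-directory: debian
      run: make sign

    - name: Upload artifacts
      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
      with:
        name: signed-artifacts-apt
        path: cdn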
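publish:
  # Publishes the signed apt repository, together with the public signing
  # key, to GitHub Pages.
  needs: debian-sign
  # FIXME: uncomment once the process is validated.
  # While this condition is disabled, every push that passes the earlier
  # jobs is deployed to the Pages site.
  # if: startsWith(github.ref, 'refs/tags/v')
  runs-on: ubuntu-24.04
  environment:
    name: github-pages
    url: ${{ steps.deployment.outputs.page_url }}
  # Scoped to what the Pages deployment needs.
  permissions:
    pages: write
    id-token: write
  steps:
    - name: Download signed archives
      uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
      with:
        name: signed-artifacts-apt
        path: _site/

    # Configuration variables are read through the `vars` context.
    # `variables` is not a recognised context, so the workflow was rejected
    # as invalid before any job could start.
    #
    # NOTE(review): a key stored in a text variable is presumably
    # ASCII-armored, while the file is named *.gpg. Confirm that the
    # documented apt setup handles this format.
    # NOTE(review): a key served from the same site as the repository gives
    # consumers no independent trust anchor. Consider publishing the key
    # fingerprint through a separate channel.
    - name: Create GPG Public Key from variable
      env:
        DEB_PUB_KEY: ${{ vars.DEB_PUB_KEY }}
      run: |
        # Fail instead of publishing an empty key file when the variable is
        # missing from the repository or environment configuration.
        if [ -z "$DEB_PUB_KEY" ]; then
          echo "::error::DEB_PUB_KEY configuration variable is empty or unset"
          exit 1
        fi
        mkdir -p _site/apt/keys
        printf '%s\n' "$DEB_PUB_KEY" > _site/apt/keys/cartesi-deb-key.gpg

    - name: Setup Pages
      uses: actions/configure-pages@45bfe0192ca1faeb007ade9deae92b16b8254a0d # v5.0.0

    # No `path` input is given, so the action's default directory (_site)
    # is what gets uploaded.
    - name: Upload artifact
      uses: actions/upload-pages-artifact@fc324d3547104276b827a68afc52ff2a11cc49c9 # v5.0.0

    - name: Deploy to GitHub Pages
      id: deployment
      uses: actions/deploy-pages@cd2ce8fcbc39b97be8ca5fce6e763baed58fa128 # v5.0.0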