diff --git a/.github/workflows/release-branch.yml b/.github/workflows/release-branch.yml index 519827532c..bb883bc3fd 100644 --- a/.github/workflows/release-branch.yml +++ b/.github/workflows/release-branch.yml @@ -232,22 +232,6 @@ jobs: export PATH=$PATH:~/go/bin nfpm --version - - name: Docker Buildx - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 - - - name: Build Docker Image - uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 - with: - file: scripts/packages/packager/Dockerfile - tags: build-signed-packager:1.0.0 - context: '.' - push: false - load: true - cache-from: type=gha,scope=build-signed-packager - cache-to: type=gha,scope=build-signed-packager,mode=max - build-args: | - package_type=signed-package - - name: Set the VERSION environment variable run: echo VERSION=v${{ inputs.packageVersion }} >> $GITHUB_ENV diff --git a/.nfpm.yaml b/.nfpm.yaml index ece9110c1c..abc2bb7d2b 100644 --- a/.nfpm.yaml +++ b/.nfpm.yaml @@ -1,7 +1,7 @@ # this is the base "template" for the package name: nginx-agent description: NGINX Agent -arch: ${ARCH} +arch: ^ARCH^ # substituted in Makefile.packaging version: ${VERSION} priority: optional vendor: NGINX Software, Inc. @@ -9,7 +9,7 @@ maintainer: NGINX Inc. homepage: https://github.com/nginx/agent license: Apache 2.0 contents: - - src: ./build/nginx-agent + - src: ^BUILD_PATH^/nginx-agent # substituted in Makefile.packaging dst: /usr/bin/nginx-agent - src: nginx-agent.conf dst: /etc/nginx-agent/nginx-agent.conf diff --git a/Makefile.packaging b/Makefile.packaging index e507f2a24d..fb33ff86a1 100644 --- a/Makefile.packaging +++ b/Makefile.packaging @@ -35,19 +35,35 @@ $(PACKAGES_DIR): @mkdir -p $(PACKAGES_DIR)/deb && mkdir -p $(PACKAGES_DIR)/rpm && mkdir -p $(PACKAGES_DIR)/apk .PHONY: package -package: gpg-key $(PACKAGES_DIR) #### Create final packages for all supported distros - # Create deb packages +package: $(PACKAGES_DIR) #### Create final packages for all supported distros + +# Build binaries for all supported architectures + @for arch in $(DEB_ARCHS); do \ + mkdir -p $(BUILD_DIR)/$${arch}; \ + cp .nfpm.yaml .nfpm.$${arch}.yaml; \ + sed -i.bak "s/\^ARCH\^/$${arch}/g" ".nfpm.$${arch}.yaml"; \ + sed -i.bak "s/\^BUILD_PATH\^/\.\/build\/$${arch}/g" ".nfpm.$${arch}.yaml"; \ + echo "Building linux/$${arch}"; \ + GOWORK=off CGO_ENABLED=0 GOARCH=$${arch} GOOS=linux \ + go build -pgo=auto -ldflags=${LDFLAGS} \ + -o $(BUILD_DIR)/$${arch}/$(BINARY_NAME) \ + $(PROJECT_DIR)/$(PROJECT_FILE); \ + rm -f .nfpm.$$arch.yaml.bak; \ + ls -la "$(BUILD_DIR)/$${arch}/$(BINARY_NAME)"; \ + done; \ + +# Create deb packages @for arch in $(DEB_ARCHS); do \ - GOWORK=off CGO_ENABLED=0 GOARCH=$${arch} GOOS=linux go build -pgo=auto -ldflags=${LDFLAGS} -o $(BINARY_PATH) $(PROJECT_DIR)/$(PROJECT_FILE); \ for distro in $(DEB_DISTROS); do \ - deb_codename=`echo $$distro | cut -d- -f 2`; \ - VERSION=$(PACKAGE_VERSION)~$${deb_codename} ARCH=$${arch} nfpm pkg --config .nfpm.yaml --packager deb --target ${PACKAGES_DIR}/deb/${PACKAGE_PREFIX}_$(PACKAGE_VERSION)~$${deb_codename}_$${arch}.deb; \ + deb_codename=`echo $${distro} | cut -d- -f 2`; \ + VERSION=$(PACKAGE_VERSION)~$${deb_codename} \ + nfpm pkg --config .nfpm.$${arch}.yaml \ + --packager deb \ + --target ${PACKAGES_DIR}/deb/${PACKAGE_PREFIX}_$(PACKAGE_VERSION)~$${deb_codename}_$${arch}.deb; \ done; \ - rm -rf $(BINARY_PATH); \ done; \ - # Create rpm packages - @GOWORK=off CGO_ENABLED=0 GOARCH=amd64 GOOS=linux go build -pgo=auto -ldflags=${LDFLAGS} -o $(BINARY_PATH) $(PROJECT_DIR)/$(PROJECT_FILE) +# Create rpm packages @for distro in $(RPM_DISTROS); do \ rpm_distro=`echo $$distro | cut -d- -f 1`; \ rpm_major=`echo $$distro | cut -d- -f 2`; \ @@ -55,63 +71,77 @@ package: gpg-key $(PACKAGES_DIR) #### Create final packages for all supported di if [ "$$rpm_distro" = "suse" ]; then rpm_codename="sles$$rpm_major"; \ fi; \ if [ "$$rpm_codename" != "na" ]; then \ - VERSION=$(PACKAGE_VERSION) ARCH=amd64 nfpm pkg --config .nfpm.yaml --packager rpm --target $(PACKAGES_DIR)/rpm/${PACKAGE_PREFIX}-$(PACKAGE_VERSION).$${rpm_codename}.ngx.${RPM_ARCH}.rpm; \ + VERSION=$(PACKAGE_VERSION) ARCH=amd64 \ + nfpm pkg --config .nfpm.amd64.yaml \ + --packager rpm \ + --target $(PACKAGES_DIR)/rpm/${PACKAGE_PREFIX}-$(PACKAGE_VERSION).$${rpm_codename}.ngx.${RPM_ARCH}.rpm; \ fi; \ done; \ - rm -rf $(BINARY_PATH) - # Create redhat rpm packages +# Create redhat rpm packages @for arch in $(REDHAT_ARCHS); do \ goarch=amd64; \ if [ "$$arch" = "aarch64" ]; then goarch="arm64"; fi; \ - GOWORK=off CGO_ENABLED=0 GOARCH=$${goarch} GOOS=linux go build -pgo=auto -ldflags=${LDFLAGS} -o $(BINARY_PATH) $(PROJECT_DIR)/$(PROJECT_FILE); \ for distro in $(REDHAT_VERSIONS); do \ rpm_distro=`echo $$distro | cut -d- -f 1`; \ rpm_major=`echo $$distro | cut -d- -f 2`; \ rpm_codename="el$$rpm_major"; \ - VERSION=$(PACKAGE_VERSION) ARCH=$${arch} nfpm pkg --config .nfpm.yaml --packager rpm --target $(PACKAGES_DIR)/rpm/${PACKAGE_PREFIX}-$(PACKAGE_VERSION).$${rpm_codename}.ngx.$${arch}.rpm; \ + VERSION=$(PACKAGE_VERSION) ARCH=$${arch} \ + nfpm pkg --config .nfpm.$${goarch}.yaml \ + --packager rpm \ + --target $(PACKAGES_DIR)/rpm/${PACKAGE_PREFIX}-$(PACKAGE_VERSION).$${rpm_codename}.ngx.$${arch}.rpm; \ done; \ - rm -rf $(BINARY_PATH); \ done; \ - # Create amazon rpm packages +# Create amazon rpm packages @for arch in $(AMAZON_ARCHS); do \ goarch=amd64; \ if [ "$$arch" = "aarch64" ]; then goarch="arm64"; fi; \ - GOWORK=off CGO_ENABLED=0 GOARCH=$${goarch} GOOS=linux go build -pgo=auto -ldflags=${LDFLAGS} -o $(BINARY_PATH) $(PROJECT_DIR)/$(PROJECT_FILE); \ for version in $(AMAZON_VERSIONS); do \ rpm_major=`echo $$version | cut -d- -f 2`; \ rpm_codename="amzn$$rpm_major";\ - VERSION=$(PACKAGE_VERSION) ARCH=$${arch} nfpm pkg --config .nfpm.yaml --packager rpm --target $(PACKAGES_DIR)/rpm/${PACKAGE_PREFIX}-$(PACKAGE_VERSION).$${rpm_codename}.ngx.$${arch}.rpm; \ + VERSION=$(PACKAGE_VERSION) ARCH=$${arch} \ + nfpm pkg --config .nfpm.$$goarch.yaml \ + --packager rpm \ + --target $(PACKAGES_DIR)/rpm/${PACKAGE_PREFIX}-$(PACKAGE_VERSION).$${rpm_codename}.ngx.$${arch}.rpm; \ done; \ - rm -rf $(BINARY_PATH); \ done; \ - # Create apk packages +# Create apk packages @for arch in $(APK_ARCHS); do \ goarch=amd64; \ if [ "$$arch" = "aarch64" ]; then goarch="arm64"; fi; \ - GOWORK=off CGO_ENABLED=0 GOARCH=$${goarch} GOOS=linux go build -pgo=auto -ldflags=${LDFLAGS} -o $(BINARY_PATH) $(PROJECT_DIR)/$(PROJECT_FILE); \ for version in $(APK_VERSIONS); do \ if [ ! -d "$(PACKAGES_DIR)/apk/v$${version}/$${arch}" ]; then mkdir -p $(PACKAGES_DIR)/apk/v$${version}/$${arch}; fi; \ - VERSION=$(PACKAGE_VERSION) ARCH=$${arch} nfpm pkg --config .nfpm.yaml --packager apk --target $(PACKAGES_DIR)/apk/v$${version}/$${arch}/${PACKAGE_PREFIX}-$(PACKAGE_VERSION).apk; \ + VERSION=$(PACKAGE_VERSION) ARCH=$${arch} \ + nfpm pkg --config .nfpm.$$goarch.yaml \ + --packager apk \ + --target $(PACKAGES_DIR)/apk/v$${version}/$${arch}/${PACKAGE_PREFIX}-$(PACKAGE_VERSION).apk; \ done; \ - rm -rf $(BINARY_PATH); \ - done; \ + done; - # Package build complete +# Package build complete + @echo "DEB packages:"; \ + find $(PACKAGES_DIR)/deb -type f | grep -E "${BINARY_NAME}[-_]${PACKAGE_VERSION}" | sort; + @echo "RPM packages:"; \ + find $(PACKAGES_DIR)/rpm -type f | grep -E "${BINARY_NAME}[-_]${PACKAGE_VERSION}" | sort; + @echo "APK packages:"; \ + find $(PACKAGES_DIR)/apk -type f | grep -E "${BINARY_NAME}[-_]${PACKAGE_VERSION}" | sort; - echo "DEB packages:"; \ - find $(PACKAGES_DIR)/deb ;\ - echo "RPM packages:"; \ - find $(PACKAGES_DIR)/rpm ;\ - echo "APK packages:"; \ - find $(PACKAGES_DIR)/apk ;\ +# Clean up temporary nfpm config files + @for arch in $(DEB_ARCHS); do \ + rm -f .nfpm.$$arch.yaml; \ + done; \ - # Create tarball containing all packages - cd $(PACKAGES_DIR) && tar -czvf "./$(TARBALL_NAME)" * && cd ../..; \ +# Create tarball containing all packages + @echo "Creating tarball: $(TARBALL_NAME)"; \ + rm -f $(PACKAGES_DIR)/$(TARBALL_NAME); \ + pushd $(PACKAGES_DIR) > /dev/null; \ + tar -czvf "./$(TARBALL_NAME)" *; \ + popd > /dev/null; \ + ls -la $(PACKAGES_DIR)/$(TARBALL_NAME); .PHONY: gpg-key gpg-key: ## Generate GPG public key diff --git a/scripts/packages/packager/Dockerfile b/scripts/packages/packager/Dockerfile deleted file mode 100644 index 9127c8922d..0000000000 --- a/scripts/packages/packager/Dockerfile +++ /dev/null @@ -1,28 +0,0 @@ -ARG package_type - -FROM docker.io/golang@sha256:62ba6b19de03e891f7fa1001326bd48411f2626ff35e7ba5b9d890711ce581d9 AS base - -ARG PKG_VER="1.17.5" -ARG PKG_DIR="/tmp/pkg" - -RUN apt-get update && \ - apt-get install -y make jq gnupg gnupg1 gpgv1 git aptly debsig-verify createrepo-c dnf rpm \ - curl gettext-base make monkeysphere libtool unzip libssl-dev libbz2-dev libbsd-dev libarchive-dev liblzma-dev zlib1g-dev - -# compile, install pkg tool for linux -RUN mkdir $PKG_DIR; cd $PKG_DIR; \ - go install github.com/goreleaser/nfpm/v2/cmd/nfpm@v2.32.0; \ - curl -L -o pkg.zip https://github.com/freebsd/pkg/archive/refs/tags/$PKG_VER.zip; \ - unzip -qo pkg.zip; cd pkg-$PKG_VER; ./configure; make -s -j$(nproc); make install; \ - rm -rf $PKG_DIR - -FROM base AS local-package -ADD ./scripts/packages/packager/local-entrypoint.sh /scripts/entrypoint.sh -RUN chmod +x /scripts/entrypoint.sh - -FROM base AS signed-package -ADD ./scripts/packages/packager/signed-entrypoint.sh /scripts/entrypoint.sh -RUN chmod +x /scripts/entrypoint.sh - -FROM ${package_type} AS final -ENTRYPOINT [ "/scripts/entrypoint.sh" ] diff --git a/scripts/packages/packager/local-entrypoint.sh b/scripts/packages/packager/local-entrypoint.sh deleted file mode 100644 index 5080545ed4..0000000000 --- a/scripts/packages/packager/local-entrypoint.sh +++ /dev/null @@ -1,51 +0,0 @@ -#!/bin/bash - -set -e -set -x -set -euxo pipefail - -VERSION_TAG=$(git describe --match 'v[0-9]*' --abbrev=0 | tr -d 'v') -COMMIT_SHA=$(git rev-parse --short HEAD) -export VERSION=${VERSION:-"${VERSION_TAG}-SNAPSHOT-${COMMIT_SHA}"} - -case "$(uname -m)" in - amd64|x86_64) ABIARCH=amd64 ;; - arm64|aarch64) ABIARCH=aarch64 ;; -esac - -cd /nginx-agent/ - -mkdir -p /staging/usr/local/bin -mkdir -p /staging/usr/local/etc/nginx-agent -mkdir -p /staging/usr/local/etc/rc.d - -cp nginx-agent.conf /staging/usr/local/etc/nginx-agent -cp scripts/packages/nginx-agent /staging/usr/local/etc/rc.d -cp scripts/packages/preinstall.sh /staging/+PRE_INSTALL -cp scripts/packages/postremove.sh /staging/+POST_DEINSTALL -cp scripts/packages/postinstall.sh /staging/+POST_INSTALL -cp scripts/packages/plist /staging -cp build/nginx-agent /staging/usr/local/bin - -chmod +x /staging/usr/local/etc/rc.d/nginx-agent - -# Temporary fix until the follow issue is resolved https://github.com/actions/checkout/issues/1169 -git config --global --add safe.directory /nginx-agent -envsubst < scripts/packages/manifest > /staging/+MANIFEST - -mkdir -p ./build - -pkg -o ABI="FreeBSD:13:${ABIARCH}" create --format txz \ - -m /staging \ - -r /staging \ - -p /staging/plist \ - -o ./build - -# Creating symbolic link from txz to pkg. In older versions of pkg the extension would represent the format of the file -# but since version 1.17.0 pkg will now always create a file with the extesion pkg no matter what the format is. -# See 1.17.0 release notes for more info: https://cgit.freebsd.org/ports/commit/?id=e497a16a286972bfcab908209b11ee6a13d99dc9 -cd build -ln -s "nginx-agent-${VERSION}.pkg" "nginx-agent-${VERSION}.txz" -cd ../ - -rm -rf /staging diff --git a/scripts/packages/packager/signed-entrypoint.sh b/scripts/packages/packager/signed-entrypoint.sh deleted file mode 100644 index d68237b4ae..0000000000 --- a/scripts/packages/packager/signed-entrypoint.sh +++ /dev/null @@ -1,57 +0,0 @@ -#!/bin/bash - -set -e -set -x -set -euxo pipefail - -FREEBSD_DISTROS="FreeBSD:12:amd64 FreeBSD:13:amd64" -VERSION=${VERSION:-""} -if [ -z "${VERSION}" ]; then - VERSION=$(git describe --match 'v[0-9]*' --abbrev=0 | tr -d 'v') -fi -export VERSION - -cd /nginx-agent/ - -mkdir -p ./build/packages/txz -mkdir -p ./build/github/packages -mkdir -p ./build/azure/packages - -mkdir -p staging/usr/local/bin -mkdir -p staging/usr/local/etc/nginx-agent -mkdir -p staging/usr/local/etc/rc.d - -cp nginx-agent.conf staging/usr/local/etc/nginx-agent -cp scripts/packages/nginx-agent staging/usr/local/etc/rc.d -cp scripts/packages/preinstall.sh staging/+PRE_INSTALL -cp scripts/packages/postremove.sh staging/+POST_DEINSTALL -cp scripts/packages/postinstall.sh staging/+POST_INSTALL -cp scripts/packages/plist staging -cp build/nginx-agent staging/usr/local/bin - -chmod +x staging/usr/local/etc/rc.d/nginx-agent - -# Temporary fix until the follow issue is resolved https://github.com/actions/checkout/issues/1169 -git config --global --add safe.directory /nginx-agent -envsubst < scripts/packages/manifest > staging/+MANIFEST - -for freebsd_abi in $FREEBSD_DISTROS; do \ - mkdir -p ./build/packages/txz/"$freebsd_abi"; \ - pkg -o ABI="$freebsd_abi" create --format txz \ - -m staging \ - -r staging \ - -p staging/plist \ - -o ./build/packages/txz/"$freebsd_abi"; \ - # create freebsd pkg repo layout - pkg repo ./build/packages/txz/"$freebsd_abi" .key.rsa; \ - # Creating symbolic link from txz to pkg. In older versions of pkg the extension would represent the format of the file - # but since version 1.17.0 pkg will now always create a file with the extesion pkg no matter what the format is. - # See 1.17.0 release notes for more info: https://cgit.freebsd.org/ports/commit/?id=e497a16a286972bfcab908209b11ee6a13d99dc9 - cd build/packages/txz/"$freebsd_abi"; \ - ln -s nginx-agent-"${VERSION}".pkg nginx-agent-"${VERSION}".txz; \ - cd ../../../../; \ - cp ./build/packages/txz/"$freebsd_abi"/nginx-agent-"${VERSION}".pkg ./build/github/packages/nginx-agent-"${VERSION}"-"$freebsd_abi".pkg; \ - cp ./build/packages/txz/"$freebsd_abi"/nginx-agent-"${VERSION}".pkg ./build/azure/packages/nginx-agent-"${VERSION}"-"${freebsd_abi//:}".pkg; \ -done; \ - -rm -rf /staging