Skip to content

Commit d58a9c1

Browse files
MoeMahhoukMoeMahhouk
committed
add CI workflow to build and upload deb packages as assets
1 parent b946c49 commit d58a9c1

File tree

1 file changed

+312
-0
lines changed

1 file changed

+312
-0
lines changed

.github/workflows/release-deb.yml

Lines changed: 312 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,312 @@
1+
name: release-deb
2+
3+
on:
4+
push:
5+
tags:
6+
- v*
7+
workflow_dispatch:
8+
inputs:
9+
dry_run:
10+
description: >-
11+
Enable dry run mode (builds packages but skips release upload)
12+
type: boolean
13+
default: false
14+
15+
jobs:
16+
extract-version:
17+
name: extract version
18+
runs-on: ubuntu-latest
19+
steps:
20+
- name: Extract version
21+
run: >-
22+
echo "VERSION=$(echo ${GITHUB_REF#refs/tags/})" >> $GITHUB_OUTPUT
23+
id: extract_version
24+
outputs:
25+
VERSION: ${{ steps.extract_version.outputs.VERSION }}
26+
27+
build-deb:
28+
name: build reproducible deb packages
29+
runs-on: ubuntu-latest
30+
needs: extract-version
31+
strategy:
32+
matrix:
33+
arch: [x86_64, aarch64]
34+
include:
35+
- arch: x86_64
36+
rust_target: x86_64-unknown-linux-gnu
37+
gcc_package: gcc
38+
- arch: aarch64
39+
rust_target: aarch64-unknown-linux-gnu
40+
gcc_package: gcc-aarch64-linux-gnu
41+
steps:
42+
- uses: actions/checkout@v4
43+
44+
- uses: dtolnay/rust-toolchain@stable
45+
with:
46+
target: ${{ matrix.rust_target }}
47+
48+
- name: Install build dependencies
49+
run: |
50+
sudo apt-get update
51+
sudo apt-get install -y libclang-dev cmake ${{ matrix.gcc_package }}
52+
53+
- name: Install cargo-deb
54+
run: cargo install cargo-deb
55+
56+
- uses: Swatinem/rust-cache@v2
57+
with:
58+
cache-on-failure: true
59+
key: deb-build-${{ matrix.arch }}
60+
61+
- name: Build reproducible .deb package
62+
run: |
63+
make deb-cargo RUST_TARGET=${{ matrix.rust_target }}
64+
65+
- name: Find and rename .deb package
66+
run: |
67+
VERSION=${{ needs.extract-version.outputs.VERSION }}
68+
DEB_FILE=$(find target/${{ matrix.rust_target }}/debian -name "*.deb" | head -1)
69+
if [ -n "$DEB_FILE" ]; then
70+
# Extract package info
71+
DEB_NAME=$(dpkg-deb -f "$DEB_FILE" Package)
72+
DEB_VERSION=$(dpkg-deb -f "$DEB_FILE" Version)
73+
DEB_ARCH=$(dpkg-deb -f "$DEB_FILE" Architecture)
74+
75+
# Create standardized filename
76+
NEW_NAME="lighthouse_${VERSION#v}_${{ matrix.arch }}.deb"
77+
cp "$DEB_FILE" "$NEW_NAME"
78+
79+
echo "DEB_FILE=$NEW_NAME" >> $GITHUB_ENV
80+
echo "DEB_SIZE=$(stat -f%z "$NEW_NAME" 2>/dev/null || stat -c%s "$NEW_NAME")" >> $GITHUB_ENV
81+
82+
# Generate checksums
83+
sha256sum "$NEW_NAME" > "$NEW_NAME.sha256"
84+
sha512sum "$NEW_NAME" > "$NEW_NAME.sha512"
85+
86+
echo "Package built: $NEW_NAME"
87+
echo "Size: $(du -h "$NEW_NAME" | cut -f1)"
88+
echo "SHA256: $(cat "$NEW_NAME.sha256")"
89+
else
90+
echo "❌ No .deb package found"
91+
exit 1
92+
fi
93+
94+
- name: Test package installation (dry run)
95+
run: |
96+
echo "Testing package metadata and dependencies..."
97+
dpkg-deb -I "$DEB_FILE"
98+
echo ""
99+
echo "Package contents:"
100+
dpkg-deb -c "$DEB_FILE"
101+
102+
- name: Upload build artifacts
103+
uses: actions/upload-artifact@v4
104+
with:
105+
name: lighthouse-deb-${{ matrix.arch }}
106+
path: |
107+
lighthouse_*_${{ matrix.arch }}.deb
108+
lighthouse_*_${{ matrix.arch }}.deb.sha256
109+
lighthouse_*_${{ matrix.arch }}.deb.sha512
110+
retention-days: 7
111+
112+
test-reproducibility:
113+
name: test deb reproducibility
114+
runs-on: ubuntu-latest
115+
needs: extract-version
116+
strategy:
117+
matrix:
118+
arch: [x86_64, aarch64]
119+
include:
120+
- arch: x86_64
121+
rust_target: x86_64-unknown-linux-gnu
122+
gcc_package: gcc
123+
- arch: aarch64
124+
rust_target: aarch64-unknown-linux-gnu
125+
gcc_package: gcc-aarch64-linux-gnu
126+
steps:
127+
- uses: actions/checkout@v4
128+
129+
- uses: dtolnay/rust-toolchain@stable
130+
with:
131+
target: ${{ matrix.rust_target }}
132+
133+
- name: Install build dependencies
134+
run: |
135+
sudo apt-get update
136+
sudo apt-get install -y libclang-dev cmake ${{ matrix.gcc_package }} diffoscope
137+
138+
- name: Install cargo-deb and cargo-cache
139+
run: |
140+
cargo install cargo-deb
141+
cargo install cargo-cache
142+
143+
- uses: Swatinem/rust-cache@v2
144+
with:
145+
cache-on-failure: true
146+
key: deb-reproducible-${{ matrix.arch }}
147+
148+
- name: Test reproducible deb build
149+
run: |
150+
make test-deb-reproducible RUST_TARGET=${{ matrix.rust_target }}
151+
152+
- name: Upload reproducibility test artifacts (on failure)
153+
if: failure()
154+
uses: actions/upload-artifact@v4
155+
with:
156+
name: failed-reproducible-deb-${{ matrix.arch }}
157+
path: |
158+
lighthouse-deb-build-*.deb
159+
*-diff.txt
160+
161+
create-release:
162+
name: create github release
163+
runs-on: ubuntu-latest
164+
needs: [extract-version, build-deb, test-reproducibility]
165+
if: ${{ github.event.inputs.dry_run != 'true' }}
166+
permissions:
167+
contents: write
168+
steps:
169+
- uses: actions/checkout@v4
170+
171+
- name: Download all artifacts
172+
uses: actions/download-artifact@v4
173+
with:
174+
path: artifacts
175+
176+
- name: Prepare release assets
177+
run: |
178+
mkdir -p release-assets
179+
find artifacts -name "*.deb" -exec cp {} release-assets/ \;
180+
find artifacts -name "*.sha256" -exec cp {} release-assets/ \;
181+
find artifacts -name "*.sha512" -exec cp {} release-assets/ \;
182+
183+
echo "Release assets:"
184+
ls -la release-assets/
185+
186+
- name: Generate release notes
187+
run: |
188+
VERSION=${{ needs.extract-version.outputs.VERSION }}
189+
cat > release-notes.md << EOF
190+
# Lighthouse ${VERSION} - Debian Packages
191+
192+
This release includes reproducible Debian packages for Lighthouse ${VERSION}.
193+
194+
## Available Packages
195+
196+
- **x86_64**: \`lighthouse_${VERSION#v}_x86_64.deb\`
197+
- **aarch64**: \`lighthouse_${VERSION#v}_aarch64.deb\`
198+
199+
## Installation
200+
201+
### Ubuntu/Debian (x86_64):
202+
\`\`\`bash
203+
wget https://github.com/${{ github.repository }}/releases/download/${VERSION}/lighthouse_${VERSION#v}_x86_64.deb
204+
sudo dpkg -i lighthouse_${VERSION#v}_x86_64.deb
205+
sudo apt-get install -f # Fix any dependency issues
206+
\`\`\`
207+
208+
### Ubuntu/Debian (ARM64):
209+
\`\`\`bash
210+
wget https://github.com/${{ github.repository }}/releases/download/${VERSION}/lighthouse_${VERSION#v}_aarch64.deb
211+
sudo dpkg -i lighthouse_${VERSION#v}_aarch64.deb
212+
sudo apt-get install -f # Fix any dependency issues
213+
\`\`\`
214+
215+
## Verification
216+
217+
All packages include SHA256 and SHA512 checksums for verification:
218+
219+
\`\`\`bash
220+
# Verify SHA256
221+
sha256sum -c lighthouse_${VERSION#v}_x86_64.deb.sha256
222+
223+
# Verify SHA512
224+
sha512sum -c lighthouse_${VERSION#v}_x86_64.deb.sha512
225+
\`\`\`
226+
227+
## System Service
228+
229+
After installation, Lighthouse can be managed as a systemd service:
230+
231+
\`\`\`bash
232+
# Enable and start the service
233+
sudo systemctl enable lighthouse
234+
sudo systemctl start lighthouse
235+
236+
# Check status
237+
sudo systemctl status lighthouse
238+
239+
# View logs
240+
sudo journalctl -u lighthouse -f
241+
\`\`\`
242+
243+
## Reproducible Builds
244+
245+
These packages are built using reproducible build techniques. You can verify the build process by checking out the source code at tag \`${VERSION}\` and running:
246+
247+
\`\`\`bash
248+
make deb-cargo RUST_TARGET=x86_64-unknown-linux-gnu
249+
make test-deb-reproducible RUST_TARGET=x86_64-unknown-linux-gnu
250+
\`\`\`
251+
252+
## Package Details
253+
254+
- **Maintainer**: Sigma Prime <[email protected]>
255+
- **Dependencies**: Automatically managed by dpkg/apt
256+
- **Service Integration**: Includes systemd service unit
257+
- **Build Method**: Reproducible builds with cargo-deb
258+
259+
For more information, see the [Lighthouse documentation](https://lighthouse-book.sigmaprime.io/).
260+
EOF
261+
262+
- name: Create Release
263+
uses: softprops/action-gh-release@v2
264+
with:
265+
tag_name: ${{ needs.extract-version.outputs.VERSION }}
266+
name: "Lighthouse ${{ needs.extract-version.outputs.VERSION }} - Debian Packages"
267+
body_path: release-notes.md
268+
files: release-assets/*
269+
draft: false
270+
prerelease: ${{ contains(needs.extract-version.outputs.VERSION, 'beta') || contains(needs.extract-version.outputs.VERSION, 'alpha') || contains(needs.extract-version.outputs.VERSION, 'rc') }}
271+
generate_release_notes: true
272+
273+
dry-run-summary:
274+
name: dry run summary
275+
runs-on: ubuntu-latest
276+
needs: [extract-version, build-deb, test-reproducibility]
277+
if: ${{ github.event.inputs.dry_run == 'true' }}
278+
steps:
279+
- name: Download all artifacts
280+
uses: actions/download-artifact@v4
281+
with:
282+
path: artifacts
283+
284+
- name: Summarize dry run
285+
run: |
286+
VERSION=${{ needs.extract-version.outputs.VERSION }}
287+
echo "## 🧪 Debian Package Release Dry Run Summary"
288+
echo ""
289+
echo "✅ Successfully completed dry run for version ${VERSION}"
290+
echo ""
291+
echo "### Built Packages:"
292+
find artifacts -name "*.deb" -exec basename {} \; | sort
293+
echo ""
294+
echo "### Package Sizes:"
295+
find artifacts -name "*.deb" -exec ls -lh {} \; | awk '{print $9 ": " $5}'
296+
echo ""
297+
echo "### Checksums Generated:"
298+
find artifacts -name "*.sha256" -exec basename {} \; | sort
299+
find artifacts -name "*.sha512" -exec basename {} \; | sort
300+
echo ""
301+
echo "### What would happen in a real release:"
302+
echo "- Packages would be uploaded to GitHub Releases"
303+
echo "- Release notes would be automatically generated"
304+
echo "- Users could install via:"
305+
echo " \`wget + dpkg -i lighthouse_${VERSION#v}_x86_64.deb\`"
306+
echo ""
307+
echo "### Reproducibility Test Results:"
308+
echo "✅ All reproducibility tests passed"
309+
echo ""
310+
echo "### Next Steps:"
311+
echo "To perform a real release, push a git tag:"
312+
echo "\`git tag ${VERSION} && git push origin ${VERSION}\`"

0 commit comments

Comments
 (0)