Skip to content

Test installing ca-certificates temporarily #1225

Test installing ca-certificates temporarily

Test installing ca-certificates temporarily #1225

Workflow file for this run

name: Build debian packages
on:
push:
branches:
- main
paths-ignore:
- .github/workflows/automatic-doc-checks.yml
- .readthedocs.yaml
- docs/**
tags:
- "*"
pull_request:
paths-ignore:
- .github/workflows/automatic-doc-checks.yml
- .readthedocs.yaml
- docs/**
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env:
UBUNTU_VERSIONS: |
["noble", "plucky", "devel"]
CARGO_VENDOR_FILTERER_VERSION: 0.5.16
jobs:
define-versions:
name: Define build versions
runs-on: ubuntu-latest
outputs:
ubuntu-versions: ${{ env.UBUNTU_VERSIONS }}
steps:
- run: 'true'
build-deb-package:
name: Build ubuntu package
runs-on: ubuntu-latest
needs: define-versions
strategy:
fail-fast: false
matrix:
ubuntu-version: ${{ fromJSON(needs.define-versions.outputs.ubuntu-versions) }}
outputs:
run-id: ${{ github.run_id }}
# FIXME: Use dynamic outputs when possible: https://github.com/actions/runner/pull/2477
pkg-dsc-devel: ${{ steps.outputs.outputs.pkg-dsc-devel }}
pkg-dsc-plucky: ${{ steps.outputs.outputs.pkg-dsc-plucky }}
pkg-dsc-noble: ${{ steps.outputs.outputs.pkg-dsc-noble }}
pkg-src-changes-devel: ${{ steps.outputs.outputs.pkg-src-changes-devel }}
pkg-src-changes-plucky: ${{ steps.outputs.outputs.pkg-src-changes-plucky }}
pkg-src-changes-noble: ${{ steps.outputs.outputs.pkg-src-changes-noble }}
steps:
- name: Checkout authd code
uses: actions/checkout@v5
- name: Build debian packages and sources
uses: canonical/desktop-engineering/gh-actions/common/build-debian@temporary-ca-certs
with:
docker-image: ubuntu:${{ matrix.ubuntu-version }}
# Add the Go backports PPA, so that we can build with a newer
# version of Go than the one available in the archive.
extra-apt-repositories: ppa:ubuntu-enterprise-desktop/golang
# Extra build dependencies:
# - systemd-dev: Required to read compile time variables from systemd via pkg-config.
extra-source-build-deps: |
ca-certificates
git
libssl-dev
systemd-dev
extra-source-build-script: |
if [ "${{ matrix.ubuntu-version }}" == noble ]; then
cargo install --locked --root=/usr \
cargo-vendor-filterer@${{ env.CARGO_VENDOR_FILTERER_VERSION }}
command -v cargo-vendor-filterer
fi
# FIXME: Use dynamic outputs when possible: https://github.com/actions/runner/pull/2477
- name: Generate outputs
id: outputs
run: |
(
echo "pkg-dsc-${{ matrix.ubuntu-version }}=${{ env.PKG_DSC }}"
echo "pkg-src-changes-${{ matrix.ubuntu-version }}=${{ env.PKG_SOURCE_CHANGES }}"
) >> "${GITHUB_OUTPUT}"
check-modified-files:
name: Check modified files
runs-on: ubuntu-latest
needs:
- build-deb-package
outputs:
list: ${{ fromJSON(steps.git-diff.outputs.modified_files) }}
steps:
- name: Checkout authd code
uses: actions/checkout@v5
with:
fetch-depth: 100
- id: git-diff
name: Check modified files
run: |
set -ue
base_ref=${{ github.event.pull_request.base.sha }}
if [ -z "${base_ref}" ]; then
base_ref=${{ github.event.before }}
fi
if [ -z "${base_ref}" ]; then
base_ref=$(git log --root --reverse -n1 --format=%H)
fi
# Build a JSON array of modified paths.
modified_files=$(git diff --name-only "${base_ref}" HEAD | \
while read line; do
jq -n --arg path "$line" '$path'
done | jq -n '. |= [inputs]')
echo "${modified_files}"
escaped_json=$(echo "${modified_files}" | jq '.| tostring')
echo "modified_files=${escaped_json}" >> "${GITHUB_OUTPUT}"
synchronize-packaging-branches:
name: Update packaging branch
runs-on: ubuntu-latest
needs:
- define-versions
- build-deb-package
permissions:
contents: write
strategy:
fail-fast: false
matrix:
ubuntu-version: ${{ fromJSON(needs.define-versions.outputs.ubuntu-versions) }}
env:
PACKAGING_BRANCH: ubuntu-packaging-${{ matrix.ubuntu-version }}
# Run only on:
# - Push events to main
# - On github release
if: ${{ (github.event_name == 'push' && github.ref == 'refs/heads/main') ||
github.event_name == 'release' }}
steps:
# FIXME: Use dynamic outputs when possible: https://github.com/actions/runner/pull/2477
- name: Setup job variables
run: |
set -exuo pipefail
json_output='${{ toJSON(needs.build-deb-package.outputs) }}'
for var in $(echo "${json_output}" | jq -r 'keys | .[]'); do
if [[ "${var}" != *"-${{ matrix.ubuntu-version }}" ]]; then
continue;
fi
v=$(echo "${json_output}" | jq -r ".\"${var}\"")
var="${var%-${{ matrix.ubuntu-version }}}"
echo "${var//-/_}=${v}" >> "${GITHUB_ENV}"
done
- name: Download artifacts
uses: actions/download-artifact@v5
with:
run-id: ${{ needs.build-deb-package.outputs.run-id }}
merge-multiple: true
- name: Install dependencies
run: |
set -euo pipefail
sudo apt-get update -y
sudo apt-get install -y --no-install-suggests --no-install-recommends \
dpkg-dev devscripts
- name: Checkout code
uses: actions/checkout@v5
with:
fetch-depth: 100
path: repo
- name: Extract the debian sources
run: |
set -euo pipefail
dpkg-source -x ${{ env.pkg_dsc }} sources
- name: Commit packaging sources
run: |
set -exuo pipefail
# Create or switch to the packaging branch
if git -C repo fetch --depth=1 origin "${{ env.PACKAGING_BRANCH }}:${{ env.PACKAGING_BRANCH }}"; then
git -C repo checkout "${{ env.PACKAGING_BRANCH }}"
else
git -C repo checkout -b "${{ env.PACKAGING_BRANCH }}"
fi
# Replace the repository content with the package sources
mv repo/.git sources/
cd sources
# Drop the ubuntu version, as the PPA recipe will add it anyways
version=$(dpkg-parsechangelog -SVersion)
sanitized_version=$(echo "${version}" | sed "s,~[0-9.]\+\$,,")
perl -pe "s|\Q${version}\E|${sanitized_version}|" debian/changelog > \
debian/changelog.sanitized
mv debian/changelog.sanitized debian/changelog
dpkg-parsechangelog
git config --global user.name "Ubuntu Enterprise Desktop"
git config --global user.email "[email protected]"
git add --all
git commit \
--allow-empty \
-m "Update ubuntu ${{ matrix.ubuntu-version }} package sources" \
-m "Use upstream commit ${GITHUB_SHA}"
- name: Push to packaging branch
run: |
set -exuo pipefail
git -C sources push origin "${{ env.PACKAGING_BRANCH }}:${{ env.PACKAGING_BRANCH }}"
run-autopkgtests:
name: Run autopkgtests
runs-on: ubuntu-latest
needs:
- define-versions
- build-deb-package
- check-modified-files
strategy:
fail-fast: false
matrix:
ubuntu-version: ${{ fromJSON(needs.define-versions.outputs.ubuntu-versions) }}
# Run autopkgtests only on:
# - Push events to main
# - When a file in the debian subdir is modified
# - When this file is modified
# - On new tags
# - On github release
if: ${{ (github.event_name == 'push' && github.ref == 'refs/heads/main') ||
contains(needs.check-modified-files.outputs.list, 'debian/') ||
contains(needs.check-modified-files.outputs.list, '.github/workflows/build-deb.yaml') ||
startsWith(github.ref, 'refs/tags/') ||
github.event_name == 'release' }}
steps:
# FIXME: Use dynamic outputs when possible: https://github.com/actions/runner/pull/2477
- name: Setup job variables
run: |
set -exuo pipefail
json_output='${{ toJSON(needs.build-deb-package.outputs) }}'
for var in $(echo "${json_output}" | jq -r 'keys | .[]'); do
if [[ "${var}" != *"-${{ matrix.ubuntu-version }}" ]]; then
continue;
fi
v=$(echo "${json_output}" | jq -r ".\"${var}\"")
var="${var%-${{ matrix.ubuntu-version }}}"
echo "${var//-/_}=${v}" >> "${GITHUB_ENV}"
done
- name: Download artifacts
uses: actions/download-artifact@v5
with:
run-id: ${{ needs.build-deb-package.outputs.run-id }}
merge-multiple: true
- name: Run autopkgtests
uses: canonical/desktop-engineering/gh-actions/common/run-autopkgtest@main
with:
lxd-image: ubuntu:${{ matrix.ubuntu-version }}
source-changes: ${{ env.pkg_src_changes }}
autopkgtest-args: --add-apt-source=ppa:ubuntu-enterprise-desktop/golang