Skip to content

Commit 580843e

Browse files
committed
Added Github release action
1 parent 4a2e84b commit 580843e

2 files changed

Lines changed: 183 additions & 0 deletions

File tree

.github/workflows/debuild.yml

Lines changed: 181 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,181 @@
1+
---
2+
# Basically this is a fragmented bash script
3+
name: Debuild Release
4+
'on':
5+
release:
6+
types: published
7+
8+
env:
9+
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
10+
11+
jobs:
12+
debuild:
13+
runs-on: ubuntu-latest
14+
environment: main
15+
env:
16+
REPO: volkszaehler/volkszaehler-org-project
17+
steps:
18+
- uses: actions/checkout@v4
19+
with:
20+
fetch-depth: 0
21+
- name: Set env
22+
# Here we are setting a variable from an expression.
23+
run: echo "TAG_NAME=${GITHUB_REF##*/}" >> $GITHUB_ENV
24+
- name: update repo information
25+
run: sudo apt-get update
26+
- name: install devscripts
27+
run: sudo apt-get install equivs devscripts git-buildpackage pipx hub
28+
- name: Create source package
29+
# Using gbp has the advantage of creating reproducible tar balls
30+
run: |
31+
git fetch origin master:master
32+
gbp export-orig --upstream-branch=master --upstream-tree=BRANCH \
33+
--compression=xz
34+
- name: install dependencies
35+
run: |
36+
sudo mk-build-deps -ri
37+
rm libmbus-build-deps_*
38+
- name: debuild
39+
run: debuild --no-sign
40+
- name: import GPG key
41+
# A secret passphrase is used because the key is stored on disk where
42+
# it may persist while the passphrase is not.
43+
run: |
44+
echo -e "$SIGNING_KEY" | \
45+
gpg --batch --passphrase "$SIGNING_PASSPHRASE" --import
46+
gpg --list-secret-keys
47+
env:
48+
SIGNING_KEY: ${{ secrets.SIGNING_KEY }}
49+
SIGNING_PASSPHRASE: ${{ secrets.SIGNING_PASSPHRASE }}
50+
- name: debsign
51+
run: |
52+
debsign -k"$SIGNING_KEY_ID" -p"gpg --batch --pinentry-mode loopback \
53+
--passphrase $SIGNING_PASSPHRASE"
54+
env:
55+
SIGNING_PASSPHRASE: ${{ secrets.SIGNING_PASSPHRASE }}
56+
# This is not a secret, but we want to have all signing
57+
# configuration in one place
58+
SIGNING_KEY_ID: ${{ secrets.SIGNING_KEY_ID }}
59+
- name: upload as Release
60+
run: |
61+
set -x
62+
assets=()
63+
for asset in ../libmbus*.{tar.xz,dsc}; do
64+
assets+=("-a" "$asset")
65+
done
66+
hub release edit "${assets[@]}" -m "$TAG_NAME" "$TAG_NAME"
67+
env:
68+
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
69+
- name: upload to Cloudsmith
70+
run: |
71+
pipx install cloudsmith-cli
72+
VERSION="${GITHUB_REF##*/v}"
73+
DESCRIPTION_FILE="../libmbus_$VERSION.dsc"
74+
cloudsmith push deb ${REPO}/debian/any-version "$DESCRIPTION_FILE" \
75+
--sources-file=$(dcmd --orig "$DESCRIPTION_FILE")
76+
env:
77+
CLOUDSMITH_API_KEY: ${{ secrets.CLOUDSMITH_API_KEY }}
78+
79+
pbuilder:
80+
needs: debuild
81+
strategy:
82+
matrix:
83+
os: [debian, raspbian]
84+
distribution: [trixie, bookworm, bullseye]
85+
architecture: [armhf, arm64, amd64]
86+
exclude:
87+
- os: raspbian
88+
architecture: arm64
89+
- os: raspbian
90+
architecture: amd64
91+
- os: raspbian
92+
distribution: trixie
93+
include:
94+
- mirrorsite: http://ftp2.de.debian.org/debian/
95+
- mirrorsite: http://mirror.netcologne.de/raspbian/raspbian/
96+
os: raspbian
97+
- keyring: debian-archive-keyring
98+
- keyring: raspbian-archive-keyring
99+
os: raspbian
100+
runs-on: ubuntu-latest
101+
environment: main
102+
env:
103+
PBRT: /var/cache/pbuilder
104+
REPO: volkszaehler/volkszaehler-org-project
105+
steps:
106+
- name: update repo information
107+
run: sudo apt-get update
108+
- name: install archive keyring
109+
run: |
110+
if [[ ${{ matrix.os }} == raspbian ]]; then
111+
wget http://raspbian.raspberrypi.org/raspbian/pool/main/r/raspbian-archive-keyring/raspbian-archive-keyring_20120528.2_all.deb
112+
sudo apt-get install ./raspbian-archive-keyring_20120528.2_all.deb
113+
else
114+
sudo apt-get install debian-archive-keyring
115+
fi
116+
- name: install pbuilder
117+
run: |
118+
sudo apt-get install pbuilder mmdebstrap qemu-user-static pipx hub
119+
# Needed for the release download
120+
- uses: actions/checkout@v2
121+
- name: Set env
122+
# Here we are setting a variable from an expression.
123+
run: echo "TAG_NAME=${GITHUB_REF##*/}" >> $GITHUB_ENV
124+
- name: download source release
125+
run: |
126+
set -x
127+
hub release download "$TAG_NAME"
128+
ls -l
129+
- name: configure pbuilder
130+
run: |
131+
echo "MIRRORSITE=${{ matrix.mirrorsite }}
132+
HOOKDIR=$PBRT/hooks" | \
133+
sudo tee /root/.pbuilderrc
134+
sudo mkdir -p $PBRT/hooks
135+
echo "#!/bin/sh
136+
137+
apt-get -y install gnupg ${{ matrix.keyring }}
138+
apt-key adv --keyserver pgp.mit.edu --recv-keys $SIGNING_KEY_ID" | \
139+
sudo tee $PBRT/hooks/G70Keys
140+
env:
141+
# This is not a secret, but we want to have all signing
142+
# configuration in one place
143+
SIGNING_KEY_ID: ${{ secrets.SIGNING_KEY_ID }}
144+
- name: create bootstrap
145+
run: |
146+
sudo pbuilder create --architecture ${{ matrix.architecture }} \
147+
--distribution ${{ matrix.distribution }} \
148+
--basetgz $PBRT/current.tgz \
149+
--debootstrap mmdebstrap \
150+
--debootstrapopts \
151+
--keyring=/usr/share/keyrings/${{ matrix.keyring }}.gpg
152+
- name: pbuild ${{ matrix.os }} ${{ matrix.architecture }} ${{ matrix.distribution }}
153+
run: |
154+
VERSION="${GITHUB_REF##*/v}"
155+
sudo pbuilder build \
156+
--architecture ${{ matrix.architecture }} \
157+
--basetgz $PBRT/current.tgz libmbus_$VERSION.dsc
158+
- name: upload as Release
159+
run: |
160+
set -x
161+
if [[ "${{ matrix.distribution }}" != trixie ]]; then
162+
exit
163+
fi
164+
assets=()
165+
for asset in $PBRT/result/libmbus*_${{ matrix.architecture }}.{deb,changes,buildinfo}; do
166+
assets+=("-a" "$asset")
167+
done
168+
hub release edit "${assets[@]}" -m "$TAG_NAME" "$TAG_NAME"
169+
env:
170+
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
171+
- name: upload to Cloudsmith
172+
run: |
173+
pipx install cloudsmith-cli
174+
VERSION="${GITHUB_REF##*/v}"
175+
CHANGES_FILE="$PBRT/result/libmbus_${VERSION}_${{ matrix.architecture }}.changes"
176+
for DEB in $(dcmd --deb $CHANGES_FILE); do
177+
cloudsmith push deb \
178+
${REPO}/${{ matrix.os }}/${{ matrix.distribution }} "$DEB"
179+
done
180+
env:
181+
CLOUDSMITH_API_KEY: ${{ secrets.CLOUDSMITH_API_KEY }}

debian/source/options

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,2 @@
1+
# Unfortunately Github action can not be below debian/
2+
extend-diff-ignore=.github/workflows/debuild.yml

0 commit comments

Comments
 (0)