-
Notifications
You must be signed in to change notification settings - Fork 76
381 lines (364 loc) · 17.9 KB
/
build-packages.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
name: Publish packages
on:
push:
tags:
- 'v**'
- 'nightly'
jobs:
publish_binary_packages:
if: github.repository == 'JanssenProject/jans'
runs-on: ubuntu-20.04
strategy:
fail-fast: false
matrix:
name: [ubuntu22, ubuntu20, el8, suse15]
include:
- name: ubuntu22
asset_suffix: ~ubuntu22.04_amd64.deb
build_files: deb/jammy
asset_prefix: '_'
asset_path: jans
sign_cmd: dpkg-sig -s builder -k DE92BEF14A1A4E542F678B64DC3C790386C73900
python_version: 3.8
- name: ubuntu20
asset_suffix: ~ubuntu20.04_amd64.deb
build_files: deb/focal
asset_prefix: '_'
asset_path: jans
sign_cmd: dpkg-sig -s builder -k DE92BEF14A1A4E542F678B64DC3C790386C73900
python_version: 3.8
- name: el8
asset_suffix: .el8.x86_64.rpm
build_files: rpm/el8
asset_prefix: '-'
asset_path: jans/rpmbuild/RPMS/x86_64
sign_cmd: rpm --addsign
python_version: 3.6
- name: suse15
asset_suffix: .suse15.x86_64.rpm
build_files: rpm/suse15
asset_prefix: '-'
asset_path: jans/rpmbuild/RPMS/x86_64
sign_cmd: rpm --addsign
python_version: 3.6
steps:
- name: Harden Runner
uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
with:
egress-policy: audit
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
path: temp-jans
- name: Getting build dependencies
id: get_dependencies
run: |
mkdir -p jans/jans-src/opt/
cp -rp temp-jans/automation/packaging/${{ matrix.build_files }}/* jans/
cp temp-jans/jans-linux-setup/jans_setup/install.py jans/install.py
sudo add-apt-repository ppa:deadsnakes/ppa
sudo apt-get update
sudo apt-get install -y python${{ matrix.python_version }}
sudo apt install -y build-essential devscripts debhelper rpm dpkg-sig python3-dev python3-requests python3-ruamel.yaml python3-pymysql python3-crypto python3-distutils python3-prompt-toolkit python${{ matrix.python_version }}-distutils libpq-dev python${{ matrix.python_version }}-dev apache2 rsyslog python3-urllib3 python3-certifi postgresql postgresql-contrib
sudo cp -r /usr/lib/python3/dist-packages /usr/lib/python${{ matrix.python_version }}/
sudo python${{ matrix.python_version }} -m pip install psycopg2-binary psycopg2
- name: Import GPG key
id: import_gpg
continue-on-error: true
uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0
with:
gpg_private_key: ${{ secrets.MOAUTO_GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.MOAUTO_GPG_PRIVATE_KEY_PASSPHRASE }}
git_user_signingkey: true
git_commit_gpgsign: true
- name: List keys
id: list_keys
run: gpg -K
- name: Get latest tag
id: previoustag
run: |
echo "tag=$(echo ${{ github.event.ref }} | cut -d '/' -f 3)" >> $GITHUB_OUTPUT
if [[ ${{ github.event.ref }} == 'refs/tags/nightly' ]]; then
echo "version=0.0.0-nightly" >> $GITHUB_OUTPUT
else
echo "version=$(echo ${{ github.event.ref }} | cut -d 'v' -f 2)-stable" >> $GITHUB_OUTPUT
fi
echo "PACKAGE_PREFIX=jans" >> ${GITHUB_ENV}
- name: Print Version and tag
run: |
echo "Version: ${{ steps.previoustag.outputs.version }}"
echo "Tag: ${{ steps.previoustag.outputs.tag }}"
- name: Running install and build
id: run_build
run: |
cd jans/
sudo python${{ matrix.python_version }} install.py -download-exit -yes --keep-downloads --keep-setup -force-download
cp -r /opt/dist jans-src/opt/
cp -r /opt/jans jans-src/opt/
touch jans-src/opt/jans/jans-setup/package
rm -rf install.py install jans-cli-tui
rm -rf jans-src/opt/jans/jans-setup/logs/setup.log
rm -rf jans-src/opt/jans/jans-setup/logs/setup_error.log
sed -i "s/%VERSION%/${{ steps.previoustag.outputs.version }}/g" run-build.sh
cat run-build.sh
sudo ./run-build.sh
- name: Sign package
id: sign_package
run : |
echo '%_gpg_name moauto (automation) <[email protected]>' >> ~/.rpmmacros
${{ matrix.sign_cmd }} ${{github.workspace}}/${{ matrix.asset_path }}/jans${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ matrix.asset_suffix }}
gpg --armor --detach-sign ${{github.workspace}}/${{ matrix.asset_path }}/jans${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ matrix.asset_suffix }}
- name: Create checksum
id: create_checksum
run: |
cd jans/
sed -i "s/%VERSION%/${{ steps.previoustag.outputs.version }}/g" checksum.sh
sudo ./checksum.sh
ls ${{github.workspace}}/${{ matrix.asset_path }}
- name: Upload binaries to release
id: upload_binaries
uses: svenstaro/upload-release-action@1beeb572c19a9242f4361f4cee78f8e0d9aec5df # v2
with:
repo_token: ${{ secrets.MOAUTO_WORKFLOW_TOKEN }}
file: ${{github.workspace}}/${{ matrix.asset_path }}/jans${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ matrix.asset_suffix }}
asset_name: ${{ env.PACKAGE_PREFIX }}${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ matrix.asset_suffix }}
tag: ${{ steps.previoustag.outputs.tag }}
overwrite: true
- name: Upload checksum to release
id: upload_shas
uses: svenstaro/upload-release-action@1beeb572c19a9242f4361f4cee78f8e0d9aec5df # v2
with:
repo_token: ${{ secrets.MOAUTO_WORKFLOW_TOKEN }}
file: ${{github.workspace}}/${{ matrix.asset_path }}/jans${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ matrix.asset_suffix }}.sha256sum
asset_name: ${{ env.PACKAGE_PREFIX }}${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ matrix.asset_suffix }}.sha256sum
tag: ${{ steps.previoustag.outputs.tag }}
overwrite: true
- name: Upload sig to release
id: upload_sigs
uses: svenstaro/upload-release-action@1beeb572c19a9242f4361f4cee78f8e0d9aec5df # v2
with:
repo_token: ${{ secrets.MOAUTO_WORKFLOW_TOKEN }}
file: ${{github.workspace}}/${{ matrix.asset_path }}/jans${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ matrix.asset_suffix }}.asc
asset_name: ${{ env.PACKAGE_PREFIX }}${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ matrix.asset_suffix }}.asc
tag: ${{ steps.previoustag.outputs.tag }}
overwrite: true
build_python_packages:
if: github.repository == 'JanssenProject/jans'
runs-on: ubuntu-20.04
steps:
- name: Harden Runner
uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
with:
egress-policy: audit
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: addnab/docker-run-action@4f65fabd2431ebc8d299f8e5a018d79a769ae185 # v3
name: Build with Suse
continue-on-error: true
with:
image: opensuse/leap:15.4
options: -v ${{ github.workspace }}:/suse
run: |
zypper addrepo https://download.opensuse.org/repositories/openSUSE:Leap:15.1/standard/openSUSE:Leap:15.1.repo
zypper --gpg-auto-import-keys refresh
zypper --non-interactive install -y gcc-c++ make gcc automake autoconf libtool python3-pip python3-setuptools python3-wheel openssl
zypper addrepo https://download.opensuse.org/repositories/home:smarty12:Python/RaspberryPi_Leap_15.2/home:smarty12:Python.repo
zypper --gpg-auto-import-keys refresh
zypper download python3-dev
rpm -i --nodeps /var/cache/zypp/packages/home_smarty12_Python/noarch/python3-dev-0.4.0-lp152.1.4.noarch.rpm
zypper --non-interactive install -y python3
zypper --non-interactive install -y python3-devel
echo "Building jans-linux-setup package"
cd /suse/jans-linux-setup
pip install shiv
make zipapp
mv jans-linux-setup.pyz jans-linux-suse-X86-64-setup.pyz
sha256sum jans-linux-suse-X86-64-setup.pyz > jans-linux-suse-X86-64-setup.pyz.sha256sum
cd ../jans-cli-tui
make zipapp
mv jans-cli-tui.pyz jans-cli-tui-linux-suse-X86-64.pyz
sha256sum jans-cli-tui-linux-suse-X86-64.pyz > jans-cli-tui-linux-suse-X86-64.pyz.sha256sum
- name: Set up Python 3.6
uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
with:
python-version: 3.6
- name: Build with Ubuntu
continue-on-error: true
run: |
sudo apt-get update
sudo apt-get install -y python3 build-essential ca-certificates dbus systemd iproute2 gpg python3-pip python3-dev libpq-dev gcc
python3 -m pip install --upgrade pip
pip3 install shiv wheel setuptools
echo "Building jans-linux-setup package"
sudo chown -R runner:docker /home/runner/work/jans/jans
cd jans-linux-setup
make zipapp || echo "Creating linux setup failed for ubuntu"
mv jans-linux-setup.pyz jans-linux-ubuntu-X86-64-setup.pyz || echo "Failed"
sha256sum jans-linux-ubuntu-X86-64-setup.pyz > jans-linux-ubuntu-X86-64-setup.pyz.sha256sum || echo "Failed"
cd ../jans-cli-tui
make zipapp
mv jans-cli-tui.pyz jans-cli-tui-linux-ubuntu-X86-64.pyz
sha256sum jans-cli-tui-linux-ubuntu-X86-64.pyz > jans-cli-tui-linux-ubuntu-X86-64.pyz.sha256sum
- uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
id: cache-installers
with:
path: |
${{github.workspace}}/jans-linux-setup/jans-linux-suse-X86-64-setup.pyz
${{github.workspace}}/jans-linux-setup/jans-linux-suse-X86-64-setup.pyz.sha256sum
${{github.workspace}}/jans-linux-setup/jans-linux-ubuntu-X86-64-setup.pyz
${{github.workspace}}/jans-linux-setup/jans-linux-ubuntu-X86-64-setup.pyz.sha256sum
${{github.workspace}}/jans-cli-tui/jans-cli-tui-linux-suse-X86-64.pyz
${{github.workspace}}/jans-cli-tui/jans-cli-tui-linux-suse-X86-64.pyz.sha256sum
${{github.workspace}}/jans-cli-tui/jans-cli-tui-linux-ubuntu-X86-64.pyz
${{github.workspace}}/jans-cli-tui/jans-cli-tui-linux-ubuntu-X86-64.pyz.sha256sum
key: ${{ github.sha }}
upload_python_packages:
if: github.repository == 'JanssenProject/jans'
needs: build_python_packages
runs-on: ubuntu-20.04
strategy:
matrix:
name: [ubuntu, suse]
steps:
- name: Harden Runner
uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
with:
egress-policy: audit
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
id: cache-installers
with:
path: |
${{github.workspace}}/jans-linux-setup/jans-linux-suse-X86-64-setup.pyz
${{github.workspace}}/jans-linux-setup/jans-linux-suse-X86-64-setup.pyz.sha256sum
${{github.workspace}}/jans-linux-setup/jans-linux-ubuntu-X86-64-setup.pyz
${{github.workspace}}/jans-linux-setup/jans-linux-ubuntu-X86-64-setup.pyz.sha256sum
${{github.workspace}}/jans-cli-tui/jans-cli-tui-linux-suse-X86-64.pyz
${{github.workspace}}/jans-cli-tui/jans-cli-tui-linux-suse-X86-64.pyz.sha256sum
${{github.workspace}}/jans-cli-tui/jans-cli-tui-linux-ubuntu-X86-64.pyz
${{github.workspace}}/jans-cli-tui/jans-cli-tui-linux-ubuntu-X86-64.pyz.sha256sum
key: ${{ github.sha }}
- name: Get latest tag
id: previoustag
run: |
echo "version=${VERSION}" >> $GITHUB_OUTPUT
echo "tag=$(echo ${{ github.event.ref }} | cut -d '/' -f 3)" >> $GITHUB_OUTPUT
echo "SETUP_PREFIX=jans-linux" >> ${GITHUB_ENV}
echo "TUI_PREFIX=jans-cli-tui-linux" >> ${GITHUB_ENV}
echo "PACKAGE_PREFIX=jans" >> ${GITHUB_ENV}
- name: Print Version and tag
run: |
echo "Version: ${{ steps.previoustag.outputs.version }}"
echo "Tag: ${{ github.event.ref }}"
- name: Upload binaries to release
id: upload_binaries_setup
continue-on-error: true
uses: svenstaro/upload-release-action@1beeb572c19a9242f4361f4cee78f8e0d9aec5df # v2
with:
repo_token: ${{ secrets.MOAUTO_WORKFLOW_TOKEN }}
file: ${{github.workspace}}/jans-linux-setup/jans-linux-${{ matrix.name }}-X86-64-setup.pyz
asset_name: ${{ env.SETUP_PREFIX }}-${{ matrix.name }}-X86-64-setup.pyz
tag: ${{ steps.previoustag.outputs.tag }}
overwrite: true
- name: Upload checksum to release
id: upload_shas_setup
continue-on-error: true
uses: svenstaro/upload-release-action@1beeb572c19a9242f4361f4cee78f8e0d9aec5df # v2
with:
repo_token: ${{ secrets.MOAUTO_WORKFLOW_TOKEN }}
file: ${{github.workspace}}/jans-linux-setup/jans-linux-${{ matrix.name }}-X86-64-setup.pyz.sha256sum
asset_name: ${{ env.SETUP_PREFIX }}-${{ matrix.name }}-X86-64-setup.pyz.sha256sum
tag: ${{ steps.previoustag.outputs.tag }}
overwrite: true
- name: Upload binaries to release
id: upload_binaries_cli
continue-on-error: true
uses: svenstaro/upload-release-action@1beeb572c19a9242f4361f4cee78f8e0d9aec5df # v2
with:
repo_token: ${{ secrets.MOAUTO_WORKFLOW_TOKEN }}
file: ${{github.workspace}}/jans-cli-tui/jans-cli-tui-linux-${{ matrix.name }}-X86-64.pyz
asset_name: ${{ env.TUI_PREFIX }}-${{ matrix.name }}-X86-64.pyz
tag: ${{ steps.previoustag.outputs.tag }}
overwrite: true
- name: Upload checksum to release
id: upload_shas_cli
continue-on-error: true
uses: svenstaro/upload-release-action@1beeb572c19a9242f4361f4cee78f8e0d9aec5df # v2
with:
repo_token: ${{ secrets.MOAUTO_WORKFLOW_TOKEN }}
file: ${{github.workspace}}/jans-cli-tui/jans-cli-tui-linux-${{ matrix.name }}-X86-64.pyz.sha256sum
asset_name: ${{ env.TUI_PREFIX }}-${{ matrix.name }}-X86-64.pyz.sha256sum
tag: ${{ steps.previoustag.outputs.tag }}
overwrite: true
build_demo_packages:
if: github.repository == 'JanssenProject/jans'
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
with:
egress-policy: audit
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Build with Ubuntu
continue-on-error: true
run: |
sudo apt-get update
sudo apt-get install -y zip
cd demos
VER=$(echo ${{ github.event.ref }} | cut -d '/' -f 3)
for i in $(ls -d */); do zip -r demo-${i%/}-$VER-source.zip $i && sha256sum demo-${i%/}-$VER-source.zip > demo-${i%/}-$VER-source.zip.sha256sum; done
sudo rm demo-jans-tarp-$VER-source.zip demo-jans-tarp-$VER-source.zip.sha256sum
cd jans-tarp
npm install
npm run build
npm run pack
mv ./release/jans-tarp-chrome-*.zip ../demo-jans-tarp-chrome-$VER.zip
mv ./release/jans-tarp-firefox-*.zip ../demo-jans-tarp-firefox-$VER.zip
sha256sum ../demo-jans-tarp-chrome-$VER.zip > ../demo-jans-tarp-chrome-$VER.zip.sha256sum
sha256sum ../demo-jans-tarp-firefox-$VER.zip > ../demo-jans-tarp-firefox-$VER.zip.sha256sum
cd ..
echo "${{ secrets.MOAUTO_WORKFLOW_TOKEN }}" | gh auth login --with-token
gh release upload $VER *.zip *.sha256sum --clobber
build_cedarling_python:
if: github.repository == 'JanssenProject/jans'
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
with:
egress-policy: audit
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Import GPG key
id: import_gpg
continue-on-error: true
uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0
with:
gpg_private_key: ${{ secrets.MOAUTO_GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.MOAUTO_GPG_PRIVATE_KEY_PASSPHRASE }}
git_user_signingkey: true
git_commit_gpgsign: true
- uses: actions/setup-python@v5
- uses: PyO3/maturin-action@v1
with:
working-directory: ${{ github.workspace }}/jans-cedarling/bindings/cedarling_python
command: build
args: --release -i python3.10 python3.11
- name: Generate sha256sum and sign
id: sign-cedarling
run: |
TAG=$(echo ${{ github.event.ref }} | cut -d '/' -f 3 | sed 's/^v//')
VERSION="$(echo ${{ github.event.ref }} | cut -d '/' -f 3)"
if [ "${TAG}" == "nightly" ]; then
VERSION=nightly
TAG="0.0.0"
fi
cd ${{ github.workspace }}/jans-cedarling/target/wheels
sha256sum cedarling_python-"${TAG}"-cp311-cp311-manylinux_2_34_x86_64.whl > cedarling_python-"${TAG}"-cp311-cp311-manylinux_2_34_x86_64.whl.sha256sum
sha256sum cedarling_python-"${TAG}"-cp310-cp310-manylinux_2_34_x86_64.whl > cedarling_python-"${TAG}"-cp310-cp310-manylinux_2_34_x86_64.whl.sha256sum
gpg --armor --detach-sign cedarling_python-"${TAG}"-cp311-cp311-manylinux_2_34_x86_64.whl || echo "Failed to sign"
gpg --armor --detach-sign cedarling_python-"${TAG}"-cp310-cp310-manylinux_2_34_x86_64.whl || echo "Failed to sign"
echo "${{ secrets.MOAUTO_WORKFLOW_TOKEN }}" | gh auth login --with-token
gh release upload "${VERSION}" *.whl *.sha256sum *.asc