Merge pull request #49 from matyasselmeci/deploytorepo

Deploy released tarballs to repo.gridcf.org

.travis.yml

@@ -39,6 +39,7 @@ jobs:
       env:
         - IMAGE=centos:centos7 TASK=srpms
       sudo: required
+      skip_cleanup: true
       services:
         - docker
 
@@ -50,18 +51,26 @@ jobs:
       script:
       - travis-ci/setup_tasks.sh
       deploy:
-        on:
-          tags: true
-          all_branches: false
-          repo: gridcf/gct
-        skip_cleanup: true
-        file_glob: true
-        provider: releases
-        overwrite: true
-        # ^ this doesn't actually work but I'm leaving it in there in
-        #   case it gets fixed later
-        api_key:
-          secure: gNgkiuvPm/7eEKa203yXe1jPwBmALWLXPpXhfNZO7wBISPgB1XZHgRNMr6DKlE5gucElKSjWWhQbn5VCfJm3OB+KCb1Tx1Xsw6xmsLrEL0d+YF/cqQl98a4ZRQjrRW4CBHz6V/FGWYiI53YDvwb/wfSC3uhIXlBjN+CeLv2aJQuOYZ9ZJHVDZYKWp2yrL5qvCvwXVZfNZNCf1jNztKFyDyQ5xCT7ePjQAbASkkvO1ZMRVgwloiKqZVWINhjcYlKaTI5ov0U0yPLneE2ybZz5mxFCNSa4okQf3gb36eMge7i7yulk8R7uVxsFte0bhLEslGnYn+dtLT+4RmYflt5OqFs3z0fVAG+q9kwsLii50iE1pmY9QHt+P+8vkajX7T+QiK+qers41kmDvArFZboIDMkvHWaNceAtDZ9e/Pd54hL8ztJUjSa3FPqz6mwa6og3RNd4GFiER4aO6ISfdshCxTRkUnYMetzI+p77cP4HI2I87grJGOJUIGpp9qzukvPAGVS79kmBgV7Ykd7GQccKiiNx25hbACV81pZ9WZ9MhYVoc/SkzrST7b9Tba8QHCrtdZWafpN1awTkbjOxw4vN8XIaexE7WS6d7TduhTORb6awcABFzL9TNtQKQJWjlLsRv4VKVNz59mKrux/VnfF8vkMEqdn/P8d6UCn7oVe6i+g=
-        file: travis_deploy/*
+        - provider: releases
+          on:
+            tags: true
+            all_branches: false
+            repo: gridcf/gct
+          skip_cleanup: true
+          file_glob: true
+          overwrite: true
+          # ^ this doesn't actually work but I'm leaving it in there in
+          #   case it gets fixed later
+          api_key:
+            secure: gNgkiuvPm/7eEKa203yXe1jPwBmALWLXPpXhfNZO7wBISPgB1XZHgRNMr6DKlE5gucElKSjWWhQbn5VCfJm3OB+KCb1Tx1Xsw6xmsLrEL0d+YF/cqQl98a4ZRQjrRW4CBHz6V/FGWYiI53YDvwb/wfSC3uhIXlBjN+CeLv2aJQuOYZ9ZJHVDZYKWp2yrL5qvCvwXVZfNZNCf1jNztKFyDyQ5xCT7ePjQAbASkkvO1ZMRVgwloiKqZVWINhjcYlKaTI5ov0U0yPLneE2ybZz5mxFCNSa4okQf3gb36eMge7i7yulk8R7uVxsFte0bhLEslGnYn+dtLT+4RmYflt5OqFs3z0fVAG+q9kwsLii50iE1pmY9QHt+P+8vkajX7T+QiK+qers41kmDvArFZboIDMkvHWaNceAtDZ9e/Pd54hL8ztJUjSa3FPqz6mwa6og3RNd4GFiER4aO6ISfdshCxTRkUnYMetzI+p77cP4HI2I87grJGOJUIGpp9qzukvPAGVS79kmBgV7Ykd7GQccKiiNx25hbACV81pZ9WZ9MhYVoc/SkzrST7b9Tba8QHCrtdZWafpN1awTkbjOxw4vN8XIaexE7WS6d7TduhTORb6awcABFzL9TNtQKQJWjlLsRv4VKVNz59mKrux/VnfF8vkMEqdn/P8d6UCn7oVe6i+g=
+          file: travis_deploy/*
+        - provider: script
+          on:
+            tags: true
+            all_branches: false
+            repo: gridcf/gct
+          skip_cleanup: true
+          script: bash travis-ci/upload_source_tarballs.sh gridcf
+
 
 # vim:ft=yaml:sw=2:sts=2:et

travis-ci/id_gctuploader.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCwudTBpxkoqsfndMVVyoaDe8CBpm+/fYSaJgQoi8PJW3AYM8r9wdhBkan2rnzWIYFfj7QxFLs1ekEtSv0wCspQ9wpsuPmPjLaSBI6foTUWcDepz4BOiysit3hOqocdWy7bp6kF8cbnUdzhDfVxnbSWHOTBVRiR/M2htWzdSRxxwqdY5lyrLC+MObUPLSvkj1RzF2KzsuXKnDr31l0eugmhIj4qBOFIDb2nq4otbZ0vFbT1R4N7LetyOpnrDZ/Ps80GTFR77qdIhe05mY/inVBR6OQ8Yw/fmY2DPIcPYYXepXdNZx/ZK2qzsfk6xdfBglsBNSxyFNU42ndlGTteyIPx gctuploader (created by [email protected])

travis-ci/make_source_tarballs.sh

@@ -48,5 +48,27 @@ echo '==========================================================================
 pushd "$root/myproxy/oauth/source"
 time python setup.py sdist
 mv dist/*.tar.gz "$root/package-output/"
+
+err=0
+pushd "$root/package-output/"
+for tb in *.tar.gz; do
+    if [[ ! -s $tb ]]; then
+        echo "$tb is empty!"
+        err=1
+    else
+        filetype=$(file -bzi "$tb")
+        if [[ $filetype != *application/x-tar* ]]; then
+            echo "$tb: unexpected file type '$filetype'"
+            err=1
+        fi
+    fi
+done
+popd
+
+if [[ $err -ne 0 ]]; then
+    echo "Sanity check failed -- bailing"
+    exit $err
+fi
+
 popd
 

travis-ci/upload_source_tarballs.sh

@@ -0,0 +1,112 @@
+#!/bin/bash
+
+# Upload source tarballs in the "package-output/" directory in the repo
+# to a remote host, via SCP.
+
+set -eux
+
+repo_owner=$1
+
+keyfile=$(pwd -P)/travis-ci/id_gctuploader
+
+# repo.gridcf.org is an alias for this:
+upload_server=hcc-osg-software2.unl.edu
+
+# obtained by running "ssh-keyscan hcc-osg-software2.unl.edu"
+hostsig="hcc-osg-software2.unl.edu ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2AIWAVx2KY+GhDab9SdxLTvjjzTiNa4pfHe7TvRZ5O+qZNc4c8sBlsG7OZGZvDLMRjGTKFyjJx3jDVUwaf14DwzQi9rgZxEZgBsRFffLATZqz+DyVN1H9uw215pah9Wh6yzaqMn51y6kqg0kk/ip62cYcXFgLKUNkzV0yz5WFugm5ziROZn01v5o74VdCABTAdlZhviUoObCn+bycXoUGGETY5GZ3muAW6y5LydDTD+2S97qJWGdSW7JBIfcmU7n5dl8MrtYKYwGswOgdUDrLtCp6CdZt/Evr+3NyLp35IhLnwxdkBBlKHPY0jXrGHyemsXa0Hq0PG/Ih5d0M8RMp"
+
+
+echo "$hostsig" > ~/.ssh/known_hosts
+cat > ~/.ssh/config <<__END__
+Host $upload_server
+User gctuploader
+IdentityFile $keyfile
+PubkeyAuthentication yes
+IdentitiesOnly yes
+__END__
+
+(
+    umask 077
+    mkdir -p ~/.ssh
+    openssl aes-256-cbc \
+        -K $encrypted_677f6546cb93_key \
+        -iv $encrypted_677f6546cb93_iv \
+        -in "$keyfile.enc.$repo_owner" -out "$keyfile" \
+        -d
+)
+
+root=$(git rev-parse --show-toplevel)
+cd "$root"
+
+cd package-output
+rm -f gct-*.tar.gz
+# ^ has a timestamp in the name so always gets updated whether anything changed
+# or not. Between the git repo and the tarballs for the individual packages,
+# this is unnecessary anyway.
+
+sftp -b - $upload_server &>/dev/null <<__END__
+-mkdir gct6
+cd gct6
+-mkdir sources
+__END__
+
+
+remote_tarball_ok () {
+    local tarball remote_tarball
+    tarball=$1
+    remote_tarball=$2
+
+    local tmp=$(mktemp -d)
+    trap "rm -rf $tmp" RETURN
+    # Check for file and sha512sum existence. Download the file so we
+    # can run extra tests.
+    sftp -b - $upload_server <<__END__
+get $remote_tarball $tmp/$tarball
+get $remote_tarball.sha512 $tmp/$tarball.sha512
+__END__
+    if [[ $? -ne 0 ]]; then
+        echo "***** Couldn't download remote tarball $tarball and/or checksum ******"
+        return 1
+    fi
+
+    # Check that the downloaded sha512sum matches the downloaded file.
+    pushd $tmp
+    sha512sum --quiet -c $tarball.sha512
+    local ret=$?
+    popd
+    if [[ $ret -ne 0 ]]; then
+        echo "****** Remote tarball $tarball checksum doesn't match ******"
+        return 1
+    fi
+
+    # Check that the downloaded file is a tarball.
+    filetype=$(file -bzi "$tmp/$tarball")
+    if [[ $filetype != *application/x-tar* ]]; then
+        echo "****** Remote tarball $tarball doesn't look like a tarball ******"
+        return 1
+    fi
+
+    return 0
+}
+
+
+# Create individual checksum files instead of one big one because we want to
+# keep checksums for old tarballs that are already in the repo.
+set +e
+for tarball in *.tar.gz; do
+    remote_tarball=gct6/sources/$tarball
+    # Don't upload the tarball if it already exists and is valid
+    if remote_tarball_ok "$tarball" "$remote_tarball"; then
+        echo "****** Remote tarball $tarball OK... leaving remote as-is ******"
+    else
+        echo "****** Checksumming and uploading $tarball ******"
+        sha512sum "$tarball" > "$tarball.sha512"
+        sftp -b - $upload_server <<__END__
+put "$tarball" "$remote_tarball"
+put "$tarball.sha512" "$remote_tarball.sha512"
+__END__
+    fi
+done
+set -e
+
+# vim:et:sts=4:sw=4