From 7c43aa1b067503eb5bd53b646076d9b58cdf972c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jo=C3=A3o=20Palet?=
Date: Wed, 6 Mar 2024 22:55:40 +0000
Subject: [PATCH 1/2] Fixes to publishing of DEB packages to APT repo
---
 .aptly.conf | 1 -
 .github/workflows/ci.yaml | 2 +-
 .github/workflows/release.yaml | 7 ++++---
 scripts/publish-apt-packages.sh | 19 ++++++++++++-------
 4 files changed, 17 insertions(+), 12 deletions(-)
diff --git a/.aptly.conf b/.aptly.conf
index 9fb98b76..d997ba8a 100644
--- a/.aptly.conf
+++ b/.aptly.conf
@@ -1,5 +1,4 @@
 {
- "rootDir": "./.aptly",
 "downloadConcurrency": 4,
 "downloadSpeedLimit": 0,
 "downloadRetries": 0,
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 1712debc..2110b849 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -1,4 +1,4 @@
-name: CI Workflow
+name: CI
 on: [pull_request, workflow_dispatch]
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 8361e97b..6a5dac99 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -1,8 +1,8 @@
 # STACKIT CLI release workflow.
 name: Release
-# This GitHub action creates a release when a tag that matches the pattern
-# "v*" (e.g. v0.1.0) is created.
+# This GitHub action creates a release when a tag that matches one of the patterns below
+# E.g. v0.1.0, v0.1.0-something.1, etc
 on:
 push:
 tags:
@@ -17,6 +17,7 @@ permissions:
 jobs:
 goreleaser:
+ name: Release
 runs-on: macOS-latest
 env:
 SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_TOKEN }}
@@ -71,5 +72,5 @@ jobs:
 if: contains(github.ref_name, '-') == false
 env:
 GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- GPG_PRIVATE_KEY_ID: ${{ steps.import_gpg.outputs.keyid }}
+ GPG_PRIVATE_KEY_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
 run: ./scripts/publish-apt-packages.sh
diff --git a/scripts/publish-apt-packages.sh b/scripts/publish-apt-packages.sh
index 9cc11730..f2653a6a 100755
--- a/scripts/publish-apt-packages.sh
+++ b/scripts/publish-apt-packages.sh
@@ -10,19 +10,24 @@ OBJECT_STORAGE_ENDPOINT="https://object.storage.eu01.onstackit.cloud"
 APT_BUCKET_NAME="stackit-cli-apt"
 PUBLIC_KEY_BUCKET_NAME="stackit-public-key"
 PUBLIC_KEY_FILE="key.gpg"
-CUSTOM_KEYRING="custom-keyring"
+CUSTOM_KEYRING_FILE="aptly-keyring.gpg"
+DISTRIBUTION="stackit"
 APTLY_CONFIG_FILE_PATH="./.aptly.conf"
 GORELEASER_PACKAGES_FOLDER="dist/"
+# We need to disable the key database daemon (keyboxd)
+# This can be done by removing "use-keyboxd" from ~/.gnupg/common.conf (see https://github.com/gpg/gnupg/blob/master/README)
+echo -n >~/.gnupg/common.conf
+
 # Create a local mirror of the current state of the remote APT repository
 printf ">>> Creating mirror \n"
 curl ${OBJECT_STORAGE_ENDPOINT}/${PUBLIC_KEY_BUCKET_NAME}/${PUBLIC_KEY_FILE} >public.asc
-gpg --no-default-keyring --keyring ./${CUSTOM_KEYRING}.gpg --import public.asc
-aptly mirror create -keyring="${CUSTOM_KEYRING}.gpg" current "${OBJECT_STORAGE_ENDPOINT}/${APT_BUCKET_NAME}" stackit
+gpg --no-default-keyring --keyring=${CUSTOM_KEYRING_FILE} --import public.asc
+aptly mirror create -config "${APTLY_CONFIG_FILE_PATH}" -keyring="${CUSTOM_KEYRING_FILE}" current "${OBJECT_STORAGE_ENDPOINT}/${APT_BUCKET_NAME}" ${DISTRIBUTION}
 # Update the mirror to the latest state
 printf "\n>>> Updating mirror \n"
-aptly mirror update current
+aptly mirror update -keyring="${CUSTOM_KEYRING_FILE}" current
 # Create a snapshot of the mirror
 printf "\n>>> Creating snapshop from mirror \n"
@@ -30,7 +35,7 @@ aptly snapshot create current-snapshot from mirror current
 # Create a new fresh local APT repo
 printf "\n>>> Creating fresh local repo \n"
-aptly repo create -distribution="stackit-cli" new-repo
+aptly repo create -distribution="${DISTRIBUTION}" new-repo
 # Add new generated .deb packages to the new local repo
 printf "\n>>> Adding new packages to local repo \n"
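Review bot: In the `@@ -10,19 +10,24 @@` hunk, the keyring filled by `gpg --no-default-keyring --keyring=${CUSTOM_KEYRING_FILE} --import public.asc` trusts whatever key the bucket returns, and that keyring now gates `aptly mirror create` and `aptly mirror update`, whose contents are later merged and re-signed. The `curl` line above it (unchanged context) has no `--fail`, and nothing compares the imported key with the expected signing key, so a replaced `key.gpg` would let a tampered mirror verify cleanly. Since the workflow now exports `GPG_PRIVATE_KEY_FINGERPRINT`, the script can stop unless the keyring holds exactly that one key, as sketched below; this assumes the published key is the signing key and that both fingerprints use the same format. Separately, `echo -n >~/.gnupg/common.conf` empties the whole file rather than removing only `use-keyboxd`, so the comment above it should say `# Truncate common.conf so gpg stops using keyboxd (drops any other settings in it)`. The script's first nine lines are outside the hunk, so whether `set -e` is in effect cannot be seen here.

```shell
curl --fail --silent --show-error "${OBJECT_STORAGE_ENDPOINT}/${PUBLIC_KEY_BUCKET_NAME}/${PUBLIC_KEY_FILE}" >public.asc
gpg --no-default-keyring --keyring="${CUSTOM_KEYRING_FILE}" --import public.asc
# Continue only if the single imported key is the release signing key
imported_fprs="$(gpg --no-default-keyring --keyring="${CUSTOM_KEYRING_FILE}" --list-keys --with-colons |
    awk -F: '$1 == "pub" { want = 1 } $1 == "fpr" && want { print $10; want = 0 }')"
if [ "${imported_fprs}" != "${GPG_PRIVATE_KEY_FINGERPRINT}" ]; then
    printf "public.asc does not contain exactly the expected signing key\n" >&2
    exit 1
fi
# … unchanged: aptly mirror create / aptly mirror update …
```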
@@ -42,8 +47,8 @@ aptly snapshot create new-snapshot from repo new-repo
 # Merge new-snapshot into current-snapshot creating a new snapshot updated-snapshot
 printf "\n>>> Merging snapshots \n"
-aptly snapshot pull -no-remove -architectures="amd64,i386,arm64" current-snapshot new-snapshot updated-snapshot stackit
+aptly snapshot pull -no-remove -architectures="amd64,i386,arm64" current-snapshot new-snapshot updated-snapshot ${DISTRIBUTION}
 # Publish the new snapshot to the remote repo
 printf "\n>>> Publishing updated snapshot \n"
-aptly publish switch -gpg-key="${GPG_PRIVATE_KEY_ID}" -passphrase "${GPG_PASSPHRASE}" -config "${APTLY_CONFIG_FILE_PATH}" stackit "s3:${APT_BUCKET_NAME}:" updated-snapshot
+aptly publish snapshot -keyring="${CUSTOM_KEYRING_FILE}" -gpg-key="${GPG_PRIVATE_KEY_FINGERPRINT}" -passphrase "${GPG_PASSPHRASE}" -config "${APTLY_CONFIG_FILE_PATH}" updated-snapshot "s3:${APT_BUCKET_NAME}:"
From 0e2ddbb2ed4c6ac5fc9a27df359c2ceaaf5b6b37 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jo=C3=A3o=20Palet?=
Date: Thu, 7 Mar 2024 11:34:41 +0000
Subject: [PATCH 2/2] Fix package name to be "stackit"
---
 .goreleaser.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index 465a0a30..8d9a1003 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -60,6 +60,7 @@ nfpms:
 # IDs of the builds for which to create packages for
 builds:
 - linux-builds
+ package_name: stackit
 vendor: STACKIT
 homepage: https://github.com/stackitcloud/stackit-cli
 maintainer: STACKIT
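Review bot: In the `@@ -42,8 +47,8 @@` hunk of scripts/publish-apt-packages.sh, the new `aptly publish snapshot` line still passes the signing passphrase as `-passphrase "${GPG_PASSPHRASE}"`, which places the secret in the process argument list where other processes on the runner can read it. aptly also accepts `-passphrase-file`, so the value can go into a `mktemp` file that an `EXIT` trap removes, as sketched below. `${DISTRIBUTION}` on the `aptly snapshot pull` line is unquoted, unlike the neighbouring expansions. The start of the script is outside the hunk, so an existing trap, if there is one, would have to be merged with this one.

```shell
passphrase_file="$(mktemp)"
trap 'rm -f -- "${passphrase_file}"' EXIT
printf '%s' "${GPG_PASSPHRASE}" >"${passphrase_file}"
aptly publish snapshot -keyring="${CUSTOM_KEYRING_FILE}" -gpg-key="${GPG_PRIVATE_KEY_FINGERPRINT}" -passphrase-file="${passphrase_file}" -config "${APTLY_CONFIG_FILE_PATH}" updated-snapshot "s3:${APT_BUCKET_NAME}:"
```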