Skip to content

Debuild Release

Debuild Release #4

Workflow file for this run

---
# Basically this is a fragmented bash script
name: Debuild Release
'on':
release:
types: published
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
jobs:
debuild:
runs-on: ubuntu-latest
environment: main
env:
REPO: volkszaehler/volkszaehler-org-project
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set env
# Here we are setting a variable from an expression.
run: echo "TAG_NAME=${GITHUB_REF##*/}" >> $GITHUB_ENV
- name: update repo information
run: sudo apt-get update
- name: install devscripts
run: sudo apt-get install equivs devscripts git-buildpackage pipx hub
- name: Create source package
# Using gbp has the advantage of creating reproducible tar balls
run: |
git fetch origin master:master
gbp export-orig --upstream-branch=master --upstream-tree=BRANCH --git-debian-branch=debian-vzlogger
- name: install dependencies
run: sudo mk-build-deps -ri
- name: debuild
run: debuild --no-sign
- name: import GPG key
# A secret passphrase is used because the key is stored on disk where
# it may persist while the passphrase is not.
run: |
echo -e "$SIGNING_KEY" | \
gpg --batch --passphrase "$SIGNING_PASSPHRASE" --import
gpg --list-secret-keys
env:
SIGNING_KEY: ${{ secrets.SIGNING_KEY }}
SIGNING_PASSPHRASE: ${{ secrets.SIGNING_PASSPHRASE }}
- name: debsign
run: |
debsign -k"$SIGNING_KEY_ID" -p"gpg --batch --pinentry-mode loopback \
--passphrase $SIGNING_PASSPHRASE"
env:
SIGNING_PASSPHRASE: ${{ secrets.SIGNING_PASSPHRASE }}
# This is not a secret, but we want to have all signing
# configuration in one place
SIGNING_KEY_ID: ${{ secrets.SIGNING_KEY_ID }}
- name: upload as Release
run: |
set -x
assets=()
for asset in ../libmbus*.{tar.xz,dsc}; do
assets+=("-a" "$asset")
done
hub release edit "${assets[@]}" -m "$TAG_NAME" "$TAG_NAME"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: upload to Cloudsmith
run: |
pipx install cloudsmith-cli
VERSION="${GITHUB_REF##*/v}"
DESCRIPTION_FILE="../libmbus_$VERSION.dsc"
cloudsmith push deb ${REPO}/debian/any-version "$DESCRIPTION_FILE" \
--sources-file=$(dcmd --orig "$DESCRIPTION_FILE")
env:
CLOUDSMITH_API_KEY: ${{ secrets.CLOUDSMITH_API_KEY }}
pbuilder:
needs: debuild
strategy:
matrix:
os: [debian, raspbian]
distribution: [trixie, bookworm, bullseye]
architecture: [armhf, arm64, amd64]
exclude:
- os: raspbian
architecture: arm64
- os: raspbian
architecture: amd64
- os: raspbian
distribution: trixie
include:
- mirrorsite: http://ftp2.de.debian.org/debian/
- mirrorsite: http://mirror.netcologne.de/raspbian/raspbian/
os: raspbian
- keyring: debian-archive-keyring
- keyring: raspbian-archive-keyring
os: raspbian
runs-on: ubuntu-latest
environment: main
env:
PBRT: /var/cache/pbuilder
REPO: volkszaehler/volkszaehler-org-project
steps:
- name: update repo information
run: sudo apt-get update
- name: install archive keyring
run: |
if [[ ${{ matrix.os }} == raspbian ]]; then
wget http://raspbian.raspberrypi.org/raspbian/pool/main/r/raspbian-archive-keyring/raspbian-archive-keyring_20120528.2_all.deb
sudo apt-get install ./raspbian-archive-keyring_20120528.2_all.deb
else
sudo apt-get install debian-archive-keyring
fi
- name: install pbuilder
run: |
sudo apt-get install pbuilder mmdebstrap qemu-user-static pipx hub
# Needed for the release download
- uses: actions/checkout@v2
- name: Set env
# Here we are setting a variable from an expression.
run: echo "TAG_NAME=${GITHUB_REF##*/}" >> $GITHUB_ENV
- name: download source release
run: |
set -x
hub release download "$TAG_NAME"
ls -l
- name: configure pbuilder
run: |
echo "MIRRORSITE=${{ matrix.mirrorsite }}
HOOKDIR=$PBRT/hooks" | \
sudo tee /root/.pbuilderrc
sudo mkdir -p $PBRT/hooks
echo "#!/bin/sh
apt-get -y install gnupg ${{ matrix.keyring }}
apt-key adv --keyserver pgp.mit.edu --recv-keys $SIGNING_KEY_ID" | \
sudo tee $PBRT/hooks/G70Keys
env:
# This is not a secret, but we want to have all signing
# configuration in one place
SIGNING_KEY_ID: ${{ secrets.SIGNING_KEY_ID }}
- name: create bootstrap
run: |
sudo pbuilder create --architecture ${{ matrix.architecture }} \
--distribution ${{ matrix.distribution }} \
--basetgz $PBRT/current.tgz \
--debootstrap mmdebstrap \
--debootstrapopts \
--keyring=/usr/share/keyrings/${{ matrix.keyring }}.gpg
- name: pbuild ${{ matrix.os }} ${{ matrix.architecture }} ${{ matrix.distribution }}
run: |
VERSION="${GITHUB_REF##*/v}"
sudo pbuilder build \
--architecture ${{ matrix.architecture }} \
--basetgz $PBRT/current.tgz libmbus_$VERSION.dsc
- name: upload as Release
run: |
set -x
if [[ "${{ matrix.distribution }}" != trixie ]]; then
exit
fi
assets=()
for asset in $PBRT/result/libmbus*_${{ matrix.architecture }}.{deb,changes,buildinfo}; do
assets+=("-a" "$asset")
done
hub release edit "${assets[@]}" -m "$TAG_NAME" "$TAG_NAME"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: upload to Cloudsmith
run: |
pipx install cloudsmith-cli
VERSION="${GITHUB_REF##*/v}"
CHANGES_FILE="$PBRT/result/libmbus_${VERSION}_${{ matrix.architecture }}.changes"
for DEB in $(dcmd --deb $CHANGES_FILE); do
cloudsmith push deb \
${REPO}/${{ matrix.os }}/${{ matrix.distribution }} "$DEB"
done
env:
CLOUDSMITH_API_KEY: ${{ secrets.CLOUDSMITH_API_KEY }}