diff --git a/.github/workflows/debuild.yml b/.github/workflows/debuild.yml new file mode 100644 index 0000000..0716338 --- /dev/null +++ b/.github/workflows/debuild.yml @@ -0,0 +1,175 @@ +--- +# Basically this is a fragmented bash script +name: Debuild Release +'on': + release: + types: published + +env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + +jobs: + debuild: + runs-on: ubuntu-latest + environment: main + env: + REPO: volkszaehler/volkszaehler-org-project + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + - name: Set env + # Here we are setting a variable from an expression. + run: echo "TAG_NAME=${GITHUB_REF##*/}" >> $GITHUB_ENV + - name: update repo information + run: sudo apt-get update + - name: install devscripts + run: sudo apt-get install equivs devscripts git-buildpackage pipx hub + - name: Create source package + run: gbp export-orig --upstream-branch=master --upstream-tree=BRANCH + - name: install dependencies + run: sudo mk-build-deps -ri + - name: debuild + run: debuild --no-sign + - name: import GPG key + # A secret passphrase is used because the key is stored on disk where + # it may persist while the passphrase is not. + run: | + echo -e "$SIGNING_KEY" | \ + gpg --batch --passphrase "$SIGNING_PASSPHRASE" --import + gpg --list-secret-keys + env: + SIGNING_KEY: ${{ secrets.SIGNING_KEY }} + SIGNING_PASSPHRASE: ${{ secrets.SIGNING_PASSPHRASE }} + - name: debsign + run: | + debsign -k"$SIGNING_KEY_ID" -p"gpg --batch --pinentry-mode loopback \ + --passphrase $SIGNING_PASSPHRASE" + env: + SIGNING_PASSPHRASE: ${{ secrets.SIGNING_PASSPHRASE }} + # This is not a secret, but we want to have all signing + # configuration in one place + SIGNING_KEY_ID: ${{ secrets.SIGNING_KEY_ID }} + - name: upload as Release + run: | + set -x + assets=() + for asset in ../libmbus*.{tar.xz,dsc}; do + assets+=("-a" "$asset") + done + hub release edit "${assets[@]}" -m "$TAG_NAME" "$TAG_NAME" + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - name: upload to Cloudsmith + run: | + pipx install cloudsmith-cli + VERSION="${GITHUB_REF##*/v}" + DESCRIPTION_FILE="../libmbus_$VERSION.dsc" + cloudsmith push deb ${REPO}/debian/any-version "$DESCRIPTION_FILE" \ + --sources-file=$(dcmd --orig "$DESCRIPTION_FILE") + env: + CLOUDSMITH_API_KEY: ${{ secrets.CLOUDSMITH_API_KEY }} + + pbuilder: + needs: debuild + strategy: + matrix: + os: [debian, raspbian] + distribution: [trixie, bookworm, bullseye] + architecture: [armhf, arm64, amd64] + exclude: + - os: raspbian + architecture: arm64 + - os: raspbian + architecture: amd64 + - os: raspbian + distribution: trixie + include: + - mirrorsite: http://ftp2.de.debian.org/debian/ + - mirrorsite: http://mirror.netcologne.de/raspbian/raspbian/ + os: raspbian + - keyring: debian-archive-keyring + - keyring: raspbian-archive-keyring + os: raspbian + runs-on: ubuntu-latest + environment: main + env: + PBRT: /var/cache/pbuilder + REPO: volkszaehler/volkszaehler-org-project + steps: + - name: update repo information + run: sudo apt-get update + - name: install archive keyring + run: | + if [[ ${{ matrix.os }} == raspbian ]]; then + wget http://raspbian.raspberrypi.org/raspbian/pool/main/r/raspbian-archive-keyring/raspbian-archive-keyring_20120528.2_all.deb + sudo apt-get install ./raspbian-archive-keyring_20120528.2_all.deb + else + sudo apt-get install debian-archive-keyring + fi + - name: install pbuilder + run: | + sudo apt-get install pbuilder mmdebstrap qemu-user-static pipx hub + # Needed for the release download + - uses: actions/checkout@v2 + - name: Set env + # Here we are setting a variable from an expression. + run: echo "TAG_NAME=${GITHUB_REF##*/}" >> $GITHUB_ENV + - name: download source release + run: | + set -x + hub release download "$TAG_NAME" + ls -l + - name: configure pbuilder + run: | + echo "MIRRORSITE=${{ matrix.mirrorsite }} + HOOKDIR=$PBRT/hooks" | \ + sudo tee /root/.pbuilderrc + sudo mkdir -p $PBRT/hooks + echo "#!/bin/sh + + apt-get -y install gnupg ${{ matrix.keyring }} + apt-key adv --keyserver pgp.mit.edu --recv-keys $SIGNING_KEY_ID" | \ + sudo tee $PBRT/hooks/G70Keys + env: + # This is not a secret, but we want to have all signing + # configuration in one place + SIGNING_KEY_ID: ${{ secrets.SIGNING_KEY_ID }} + - name: create bootstrap + run: | + sudo pbuilder create --architecture ${{ matrix.architecture }} \ + --distribution ${{ matrix.distribution }} \ + --basetgz $PBRT/current.tgz \ + --debootstrap mmdebstrap \ + --debootstrapopts \ + --keyring=/usr/share/keyrings/${{ matrix.keyring }}.gpg + - name: pbuild ${{ matrix.os }} ${{ matrix.architecture }} ${{ matrix.distribution }} + run: | + VERSION="${GITHUB_REF##*/v}" + sudo pbuilder build \ + --architecture ${{ matrix.architecture }} \ + --basetgz $PBRT/current.tgz libmbus_$VERSION.dsc + - name: upload as Release + run: | + set -x + if [[ "${{ matrix.distribution }}" != trixie ]]; then + exit + fi + assets=() + for asset in $PBRT/result/libmbus*_${{ matrix.architecture }}.{deb,changes,buildinfo}; do + assets+=("-a" "$asset") + done + hub release edit "${assets[@]}" -m "$TAG_NAME" "$TAG_NAME" + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - name: upload to Cloudsmith + run: | + pipx install cloudsmith-cli + VERSION="${GITHUB_REF##*/v}" + CHANGES_FILE="$PBRT/result/libmbus_${VERSION}_${{ matrix.architecture }}.changes" + for DEB in $(dcmd --deb $CHANGES_FILE); do + cloudsmith push deb \ + ${REPO}/${{ matrix.os }}/${{ matrix.distribution }} "$DEB" + done + env: + CLOUDSMITH_API_KEY: ${{ secrets.CLOUDSMITH_API_KEY }} diff --git a/debian/source/options b/debian/source/options new file mode 100644 index 0000000..2043734 --- /dev/null +++ b/debian/source/options @@ -0,0 +1,2 @@ +# Unfortunately Github action can not be below debian/ +extend-diff-ignore=.github/workflows/debuild.yml