Merge pull request #158 from dedis/continuous-deployment

Adds a script to automatically deploy deb packages
dedis · Jul 11, 2022 · 063e8ee · 063e8ee
2 parents ee2c73d + f0700be
commit 063e8ee
Show file tree

Hide file tree

Showing 5 changed files with 165 additions and 10 deletions.
diff --git a/.github/workflows/go_release.yml b/.github/workflows/go_release.yml
@@ -0,0 +1,53 @@
+name: Release
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  build:
+    name: build
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: checkout
+        uses: actions/checkout@v3
+
+      - name: Use go
+        uses: actions/setup-go@v3
+        with:
+          go-version: '>=1.18'
+
+      - name: Install fpm
+        run: |
+          sudo apt-get update
+          sudo apt-get install ruby-dev build-essential
+          sudo gem install fpm -f
+
+      - name: build artifacts
+        # builds the binary and the .deb
+        run: make deb
+
+  release:
+    name: release
+    needs: build
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Publish release to aptly
+        env:
+          APTLY_USER: ${{ secrets.APTLY_USER }}
+          APTLY_PASSWORD: ${{ secrets.APTLY_PASSWORD }}
+          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+        run: |
+          ./deb-package/upload-artifacts.sh deb-package/dist/
+
+      - name: Update artifacts to Github's release
+        uses: softprops/action-gh-release@v1
+        with:
+          files: |
+            memcoin-*
+            deb-package/dist/*
diff --git a/.gitignore b/.gitignore
@@ -5,7 +5,7 @@ private.key
 web/app/node_modules
 .idea
 
-memcoin
+memcoin*
 
 *.log
 

diff --git a/Makefile b/Makefile
@@ -1,4 +1,6 @@
-versionFlag="github.com/dedis/d-voting.Version=$(shell git describe --tags)"
+version=$(shell git describe --abbrev=0 --tags || echo '0.0.0')
+versionFlag="github.com/dedis/d-voting.Version=$(version)"
+versionFile=$(shell echo $(version) | tr . _)
 timeFlag="github.com/dedis/d-voting.BuildTime=$(shell date +'%d/%m/%y_%H:%M')"
 
 lint:
@@ -22,8 +24,10 @@ test_integration:
 	go test ./integration
 
 build:
-	go build -ldflags="-X $(versionFlag) -X $(timeFlag)" ./cli/memcoin
+	go build -ldflags="-X $(versionFlag) -X $(timeFlag)" -o memcoin ./cli/memcoin
+	GOOS=linux GOARCH=amd64 go build -ldflags="-X $(versionFlag) -X $(timeFlag)" -o memcoin-linux-amd64-$(versionFile) ./cli/memcoin
+	GOOS=darwin GOARCH=amd64 go build -ldflags="-X $(versionFlag) -X $(timeFlag)" -o memcoin-darwin-amd64-$(versionFile) ./cli/memcoin
+	GOOS=windows GOARCH=amd64 go build -ldflags="-X $(versionFlag) -X $(timeFlag)" -o memcoin-windows-amd64-$(versionFile) ./cli/memcoin
 
-deb:
-	GOOS=linux GOARCH=amd64 make build
+deb: build
 	cd deb-package; ./build-deb.sh; cd ..
diff --git a/deb-package/build-deb.sh b/deb-package/build-deb.sh
@@ -8,8 +8,11 @@ rm -rf deb
 INSTALL_DIR="deb/opt/dedis/dvoting/bin"
 mkdir -p $INSTALL_DIR
 
-DVOTING_CLI_DIR="$PWD/.."
-cp $DVOTING_CLI_DIR/memcoin $INSTALL_DIR
+# get version from git without v prefix
+GITVERSION=$(git describe --abbrev=0 --tags || echo '0.0.0')
+VERSION=${GITVERSION:1}
+
+cp ../memcoin $INSTALL_DIR/
 
 # Prometheus Node Exporter
 NE_DIR="deb/opt/exporter"
@@ -32,9 +35,6 @@ mkdir -p deb/var/log/dedis/dvoting
 # adjust permissions
 find deb ! -perm -a+r -exec chmod a+r {} \;
 
-# get version from git without v prefix
-GITVERSION=$(git describe --abbrev=0 --tags)
-VERSION=${GITVERSION:1}
 if [[ -z "${ITERATION}" ]]
 then
   ITERATION="0"

diff --git a/deb-package/upload-artifacts.sh b/deb-package/upload-artifacts.sh
@@ -0,0 +1,98 @@
+#!/bin/sh
+#
+# This script uploads .deb packages, creates a snapshot and publish a new
+# version. It expects as input the folder containing the *.deb files.
+#
+# Example:
+#
+#   ./upload-artifacts ./dist/
+#
+# Inspired from
+# https://github.com/aptly-dev/aptly/blob/c9f5763a70ba2227e8bdf31c2f0ab7f481b6f2e0/upload-artifacts.sh
+#
+# Note that at least one package must have been uploaded from the server, and
+# the repo created. For example with the following commands:
+#
+#   aptly repo create -distribution=squeeze -component=main dvoting-release
+#
+#   aptly publish snapshot --distribution="squeeze" --gpg-key="XXX" \
+#     --passphrase "XXX" -gpg-provider="gpg2" dvoting-0.0.1 s3:apt.dedis.ch:
+#
+
+set -e
+
+if [ -z ${1+x} ]; then echo "please give the folder"; exit 1; fi
+
+builds="$1/"
+packages=${builds}*.deb
+folder=`mktemp -u tmp.XXXXXXXXXXXXXXX`
+aptly_user="$APTLY_USER"
+aptly_password="$APTLY_PASSWORD"
+gpg_passphrase="$GPG_PASSPHRASE" # will be passed over the network, use TLS !
+aptly_api="https://aptly-api.dedis.ch"
+
+gitversion=$(git describe --abbrev=0 --tags)
+version=${gitversion:1}
+
+aptly_repository=dvoting-release
+aptly_snapshot=dvoting-$version
+aptly_published=s3:apt.dedis.ch:/squeeze
+
+echo "Check if snapshot $aptly_snapshot already exists"
+res=$(curl -s -u $aptly_user:$aptly_password -o /dev/null -w "%{http_code}" ${aptly_api}/api/snapshots/$aptly_snapshot)
+
+if [ $res = "404" ]; then
+    echo "Publishing version '$version' from $builds"
+
+    for file in $packages; do
+        url=${aptly_api}/api/files/$folder
+        echo "Uploading $file -> $url"
+        # http1.1 : https://github.com/curl/curl/issues/3206#issuecomment-437625637
+        curl -fsS --ssl-reqd -X POST -u $aptly_user:$aptly_password --http1.1 -F "file=@$file" ${url}
+        echo
+    done
+
+    echo "Adding packages to $aptly_repository..."
+    curl -fsS -X POST \
+        -u $aptly_user:$aptly_password \
+        ${aptly_api}/api/repos/$aptly_repository/file/$folder
+    echo
+
+    echo "Creating snapshot $aptly_snapshot from repo $aptly_repository..."
+    curl -fsS -X POST \
+        -u $aptly_user:$aptly_password \
+        -H 'Content-Type: application/json' \
+        --data  '{"Name":"'"$aptly_snapshot"'"}' \
+        ${aptly_api}/api/repos/$aptly_repository/snapshots
+    echo
+else
+    echo "Snapshot $aptly_snapshot already exist"
+fi
+
+data='{
+    "AcquireByHash": true,
+    "Snapshots": [
+        {
+            "Component": "main",
+            "Name": "'"$aptly_snapshot"'"
+        }
+    ],
+    "Signing": {
+        "Batch": true,
+        "GpgKey": "9AD6DDAC613708D9216294DA5B455ACFE943ED69",
+        "Passphrase": "'"$gpg_passphrase"'"
+    }
+}'
+
+echo "Switching published repo to use snapshot $aptly_snapshot..."
+
+curl -fsS -X PUT -H 'Content-Type: application/json' \
+    --data "$data" \
+    -u $aptly_user:$aptly_password \
+    ${aptly_api}/api/publish/$aptly_published
+echo
+
+curl -fsS -X DELETE \
+    -u $aptly_user:$aptly_password \
+    ${aptly_api}/api/files/$folder
+echo
-Original file line number
+Diff line change
@@ Expand Up / @@ -5,7 +5,7 @@ private.key @@
     web/app/node_modules
     .idea
-    memcoin
+    memcoin*
     *.log
@@ Expand Down @@