From 0c270deac7e0cdce812fd5a3009568a1c6c24384 Mon Sep 17 00:00:00 2001 From: Kunal Mehta Date: Mon, 5 Feb 2024 11:19:21 -0500 Subject: [PATCH] WIP: nightlies --- .github/workflows/nightlies.yml | 66 +++++++++++++++++++++++++++++++++ scripts/build-debs.sh | 1 + scripts/fixup-changelog.sh | 13 ++++++- 3 files changed, 78 insertions(+), 2 deletions(-) create mode 100644 .github/workflows/nightlies.yml diff --git a/.github/workflows/nightlies.yml b/.github/workflows/nightlies.yml new file mode 100644 index 0000000000..6cdfaa0fcb --- /dev/null +++ b/.github/workflows/nightlies.yml @@ -0,0 +1,66 @@ +name: Nightlies +on: + push: +# schedule: +# - cron: "0 0 * * *" + +defaults: + run: + shell: bash + +jobs: + build-debs: + strategy: + matrix: + debian_version: + - bullseye + - bookworm + runs-on: ubuntu-latest + outputs: + artifact_id: ${{ steps.upload.outputs.artifact-id }} + steps: + - name: Install dependencies + run: | + apt-get update && apt-get install --yes devscripts podman git git-lfs + - uses: actions/checkout@v4 + - uses: actions/checkout@v4 + with: + repository: "freedomofpress/securedrop-builder" + path: "securedrop-builder" + lfs: true + - name: Build packages + run: | + git config --global --add safe.directory '*' + NIGHTLY=1 DEBIAN_VERSION=${{ matrix.debian_version }} BUILDER=securedrop-builder \ + ./scripts/build-debs.sh + - uses: actions/upload-artifact@v4 + id: upload + with: + name: build-${{ matrix.debian_version }} + path: build + if-no-files-found: error + + commit-and-push: + runs-on: ubuntu-latest + container: debian:bookworm + needs: + - build-debs + steps: + - name: Install dependencies + run: | + apt-get update && apt-get install --yes git git-lfs + - uses: actions/download-artifact@v4 + with: + pattern: "*${{ matrix.debian_version }}" + - uses: actions/checkout@v4 + with: + repository: "freedomofpress/securedrop-apt-test" + path: "securedrop-apt-test" + lfs: true + - name: Commit and push + run: | + cd securedrop-apt-test + mv -v ../build-bullseye/*.deb workstation/bullseye-nightlies/ + mv -v ../build-bookworm/*.deb workstation/bookworm-nightlies/ + git add . + git commit -m "Automated SecureDrop workstation build" diff --git a/scripts/build-debs.sh b/scripts/build-debs.sh index 574cf288bc..1986146de5 100755 --- a/scripts/build-debs.sh +++ b/scripts/build-debs.sh @@ -38,5 +38,6 @@ $OCI_BIN pull debian:${DEBIAN_VERSION} $OCI_BIN run --rm $OCI_RUN_ARGUMENTS \ -v "${BUILDER}:/builder:Z" \ + --env NIGHTLY="${NIGHTLY:-}" \ --entrypoint "/src/scripts/build-debs-real.sh" \ debian:${DEBIAN_VERSION} diff --git a/scripts/fixup-changelog.sh b/scripts/fixup-changelog.sh index 97d70b54b7..cdbac489d4 100755 --- a/scripts/fixup-changelog.sh +++ b/scripts/fixup-changelog.sh @@ -10,5 +10,14 @@ if [[ "$VERSION_CODENAME" == "" ]]; then VERSION_CODENAME=$(echo $PRETTY_NAME | awk '{split($0, a, "[ /]"); print a[4]}') fi -version=$(dpkg-parsechangelog -S Version) -sed -i "0,/${version}/ s//${version}+${VERSION_CODENAME}/" debian/changelog +VERSION=$(dpkg-parsechangelog -S Version) + +NIGHTLY="${NIGHTLY:-}" +if [[ ! -z $NIGHTLY ]]; then + # Ideally we'd use `dch` here but then we have to install all of devscripts + NEW_VERSION="${VERSION}.dev$(date +%Y%m%d%H%M%S)" +else + NEW_VERSION=$VERSION +fi + +sed -i "0,/${VERSION}/ s//${NEW_VERSION}+${VERSION_CODENAME}/" debian/changelog