From bb63a5c9ba814d86a6c2dd19df6861131cb5e53e Mon Sep 17 00:00:00 2001 From: Evgeniy Antonyuk Date: Fri, 8 Sep 2023 17:39:56 +0500 Subject: [PATCH] Optimize git action to build packages --- .github/workflows/build_packages.yml | 203 +++++++++++---------------- 1 file changed, 82 insertions(+), 121 deletions(-) diff --git a/.github/workflows/build_packages.yml b/.github/workflows/build_packages.yml index 10bbc88556..75f99fceb2 100644 --- a/.github/workflows/build_packages.yml +++ b/.github/workflows/build_packages.yml @@ -3,32 +3,38 @@ name: Build packages on: push: branches: - - release/* - - develop - - hotfix/* + - release/* + - develop + - hotfix/* paths: - - build/install/deb** - - build/install/rpm** - - build/install/common** + - build/install/deb** + - build/install/rpm** + - build/install/common** workflow_dispatch: + concurrency: group: ${{ github.ref }} cancel-in-progress: true - -env: - BRANCH_NAME: $(echo ${GITHUB_REF#refs/heads/}) - PRODUCT_LOW: $(echo "${{ github.event.repository.name }}" | tr '[:upper:]' '[:lower:]' ) - PRODUCT: "${{ github.event.repository.name }}" - BUILD_NUMBER: "${{ github.run_number }}" +env: + PRODUCT: ${{ github.event.repository.name }} + PRODUCT_LOW: echo ${{ github.event.repository.name }} | tr '[:upper:]' '[:lower:]' + PRODUCT_VERSION: echo ${{ github.ref }} | grep -oP '\d+\.\d+\.\d+' || echo '1.1.3' + BUILD_NUMBER: ${{ github.run_number }} + BRANCH_NAME: echo ${GITHUB_REF#refs/heads/} + PACKAGE_DIRECTORY: "/home/runner/work/${{ github.event.repository.name }}/${{ github.event.repository.name }}/build/install" jobs: - build_deb: - name: DEB packages + build: + name: Build Packages runs-on: ubuntu-20.04 permissions: contents: write - + + strategy: + matrix: + packageType: [deb, rpm] + steps: - name: Free Disk Space uses: jlumbroso/free-disk-space@main @@ -39,21 +45,20 @@ jobs: large-packages: true docker-images: true swap-storage: true - - - name: Import GPG + + - name: Import GPG uses: crazy-max/ghaction-import-gpg@v5 id: gpg_step - with: + with: gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} passphrase: ${{ secrets.GPG_PRIVATE_KEY_PASS }} - + - name: Get files from repository uses: actions/checkout@v3 with: submodules: 'recursive' - + - name: Prepare build - id: get_vars run: | wget -O - https://dl.yarnpkg.com/debian/pubkey.gpg | \ sudo gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/yarnkey.gpg --import @@ -71,101 +76,36 @@ jobs: sudo apt-get -y update sudo apt install -y dotnet-sdk-7.0 yarn nodejs dh-make rename dpkg-sig lintian sudo npm install -g json - echo "BRANCH_NAME=$(echo ${GITHUB_REF#refs/heads/})" >> $GITHUB_OUTPUT - echo "VERSION=$(echo "${{ github.ref }}" | grep -oP '\d+\.\d+\.\d+' || echo "1.1.0")" >> $GITHUB_OUTPUT - - - name: Build - shell: bash + [ "${{ matrix.packageType }}" == "rpm" ] && sudo pip install rpmlint || true + + - name: Build DEB Packages + if: matrix.packageType == 'deb' run: | - cd build/install/deb/ - rename -f -v "s/product([^\/]*)$/${{ env.PRODUCT_LOW }}\$1/g" debian/* ../common/* ../common/logrotate/* - find ../ -type f -exec sed -i "s/{{product}}/${{ env.PRODUCT_LOW }}/g" {} ';' - sed -i "s/{{package_header_tag_version}}/${{ steps.get_vars.outputs.VERSION }}.$BUILD_NUMBER/g" \ - debian/changelog debian/control + cd build/install/deb/ + rename -f -v "s/product([^\/]*)$/$(${{ env.PRODUCT_LOW }})\$1/g" debian/* ../common/* ../common/logrotate/* + find ../ -type f -exec sed -i "s/{{product}}/$(${{ env.PRODUCT_LOW }})/g" {} ';' + sed -i "s/{{package_header_tag_version}}/$(${{ env.PRODUCT_VERSION }}).${{ env.BUILD_NUMBER }}/g" debian/changelog debian/control dpkg-buildpackage -uc -k${{ steps.gpg_step.outputs.fingerprint }} - - - name: Upload to Nexus - run: | - for file in /home/runner/work/${{ env.PRODUCT }}/${{ env.PRODUCT }}/build/install/*.deb; do - echo $file - curl --verbose --user ${{ secrets.REPO_LOGIN }}:${{ secrets.REPO_PASS }} -H "Content-Type: multipart/form-data" \ - --data-binary "@$file" ${{ secrets.REPO_URL_4TESTING_DEB }} - done - - - name: Lint - run: | - lintian --suppress-tags=mismatched-override --profile debian /home/runner/work/${{ env.PRODUCT }}/${{ env.PRODUCT }}/build/install/*.deb \ - | tee -a file - if grep -qE '^(W:|E:)' file; then echo \ - "::warning Noticedeb=lintian::$(cat file | awk '/^W:/ { ws += 1 } /^E:/ { es += 1 } END { print "Warnings:", ws, "Errors:", es }')"; fi - - build_rpm: - name: RPM packages - runs-on: ubuntu-20.04 - permissions: - contents: write - - steps: - - name: Free Disk Space - uses: jlumbroso/free-disk-space@main - with: - tool-cache: true - android: true - haskell: true - large-packages: true - docker-images: true - swap-storage: true - - - name: Import GPG - uses: crazy-max/ghaction-import-gpg@v5 - with: - gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} - passphrase: ${{ secrets.GPG_PRIVATE_KEY_PASS }} - - name: Get files from repository - uses: actions/checkout@v3 - with: - submodules: 'recursive' - - - name: Prepare build - id: get_vars - run: | - wget -O - https://dl.yarnpkg.com/debian/pubkey.gpg | sudo gpg --no-default-keyring --keyring \ - gnupg-ring:/usr/share/keyrings/yarnkey.gpg --import - sudo chmod 644 /usr/share/keyrings/yarnkey.gpg - echo "deb [signed-by=/usr/share/keyrings/yarnkey.gpg] https://dl.yarnpkg.com/debian/ stable main" | \ - sudo tee /etc/apt/sources.list.d/yarn.list - wget https://packages.microsoft.com/config/$(lsb_release -is | \ - tr [:upper:] [:lower:])/$(lsb_release -rs)/packages-microsoft-prod.deb -O packages-microsoft-prod.deb - sudo dpkg -i packages-microsoft-prod.deb - echo "deb [signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_18.x nodistro main" | \ - sudo tee /etc/apt/sources.list.d/nodesource.list - wget -O - https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | \ - sudo gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/nodesource.gpg --import - sudo chmod 644 /usr/share/keyrings/nodesource.gpg - sudo apt-get -y update - sudo apt install -y dotnet-sdk-7.0 yarn nodejs dh-make rename python3-pip python3-rpm - sudo npm install -g json - sudo pip install rpmlint - echo "BRANCH_NAME=$(echo ${GITHUB_REF#refs/heads/})" >> $GITHUB_OUTPUT - echo "VERSION=$(echo "${ GITHUB_REF##*/ }" | grep -oP '\d+\.\d+\.\d+' || echo "1.1.0")" >> $GITHUB_OUTPUT - - - name: Build + - name: Build RPM Packages + if: matrix.packageType == 'rpm' run: | cd build/install/rpm/SPECS - mv ./SOURCES/product.rpmlintrc ./SOURCES/${{ env.PRODUCT_LOW }}.rpmlintrc - wget https://github.com/ONLYOFFICE/${{ env.PRODUCT }}/archive/${{ env.BRANCH_NAME }}.tar.gz \ - -O ./SOURCES/${{ env.PRODUCT }}-$(echo ${{ env.BRANCH_NAME }} | tr '/' '-').tar.gz + mv ./SOURCES/product.rpmlintrc ./SOURCES/$(${{ env.PRODUCT_LOW }}).rpmlintrc + wget https://github.com/ONLYOFFICE/${{ env.PRODUCT }}/archive/$(${{ env.BRANCH_NAME }}).tar.gz \ + -O ./SOURCES/${{ env.PRODUCT }}-$(${{ env.BRANCH_NAME }} | tr '/' '-').tar.gz wget https://github.com/ONLYOFFICE/document-templates/archive/main/community-server.tar.gz \ - -O ./SOURCES/document-templates-main-community-server.tar.gz + -O ./SOURCES/document-templates-main-community-server.tar.gz wget https://github.com/ONLYOFFICE/dictionaries/archive/master.tar.gz \ - -O ./SOURCES/dictionaries-master.tar.gz + -O ./SOURCES/dictionaries-master.tar.gz sed -i -e '/BuildRequires/d' product.spec - rpmbuild -D "packager Ascensio System SIA " -D "GIT_BRANCH $(echo ${{ env.BRANCH_NAME }} \ - | tr '/' '-')" -D "_topdir $(pwd)" -D "version ${{ steps.get_vars.outputs.VERSION }}" \ - -D "release ${{ env.BUILD_NUMBER }}" -ba product.spec + rpmbuild -D "packager Ascensio System SIA " \ + -D "GIT_BRANCH $(${{ env.BRANCH_NAME }}| tr '/' '-')" -D "_topdir $(pwd)" \ + -D "version $(${{ env.PRODUCT_VERSION }})" \ + -D "release ${{ env.BUILD_NUMBER }}" -ba product.spec - - name: Sign + - name: Sign RPM Packages + if: matrix.packageType == 'rpm' run: | cat << EOF >> $HOME/.rpmmacros %_signature gpg @@ -175,21 +115,42 @@ jobs: EOF gpg --export --armor --output onlyoffice-gpgkey.pub rpm --import onlyoffice-gpgkey.pub - rpm --addsign /home/runner/work/${{ env.PRODUCT }}/${{ env.PRODUCT }}/build/install/rpm/SPECS/RPMS/noarch/*.rpm - - - name: Upload + rpm --addsign ${{ env.PACKAGE_DIRECTORY }}/rpm/SPECS/RPMS/noarch/*.rpm + + - name: Upload DEB Packages + if: matrix.packageType == 'deb' run: | - for file in /home/runner/work/${{ env.PRODUCT }}/${{ env.PRODUCT }}/build/install/rpm/SPECS/RPMS/noarch/*.rpm; do - curl --verbose --user ${{ secrets.REPO_LOGIN }}:${{ secrets.REPO_PASS }} \ - --upload-file "$file" ${{ secrets.REPO_URL_4TESTING_RPM }} + for deb_package in ${{ env.PACKAGE_DIRECTORY }}/*.deb; do + echo $deb_package + curl --verbose \ + --user ${{ secrets.REPO_LOGIN }}:${{ secrets.REPO_PASS }} \ + -H "Content-Type: multipart/form-data" \ + --data-binary "@$deb_package" ${{ secrets.REPO_URL_4TESTING_DEB }} done - - name: Rpmlint - run: | - for package in /home/runner/work/${{ env.PRODUCT }}/${{ env.PRODUCT }}/build/install/rpm/SPECS/RPMS/noarch/*.rpm - do rpmlint --ignore-unused-rpmlintrc --rpmlintrc \ - /home/runner/work/${{ env.PRODUCT }}/${{ env.PRODUCT }}/build/install/rpm/SPECS/SOURCES/${{ env.PRODUCT_LOW }}.rpmlintrc $package \ - | tee -a file2 + - name: Upload RPM Packages + if: matrix.packageType == 'rpm' + run: | + for rpm_package in ${{ env.PACKAGE_DIRECTORY }}/rpm/SPECS/RPMS/noarch/*.rpm; do + curl --verbose \ + --user ${{ secrets.REPO_LOGIN }}:${{ secrets.REPO_PASS }} \ + --upload-file "$rpm_package" ${{ secrets.REPO_URL_4TESTING_RPM }} done - if grep -qE '^(W:|E:)' file2; then echo \ - "::warning NoticeRpm=rpmLint::$(cat file2 | awk '/W:/ { ws += 1 } /E:/ { es += 1 } END { print "Warnings:", ws, "Errors:", es }')" ; fi + + - name: Checking the DEB package for errors + if: matrix.packageType == 'deb' + run: | + lintian --suppress-tags=mismatched-override --profile debian ${{ env.PACKAGE_DIRECTORY }}/*.deb | tee -a LINTIAN + if grep -qE '^(W:|E:)' LINTIAN; then + echo "::warning Noticedeb=lintian::$(cat LINTIAN | awk '/^W:/ { ws += 1 } /^E:/ { es += 1 } END { print "Warnings:", ws, "Errors:", es }')" + fi + + - name: Checking the RPM package for errors + if: matrix.packageType == 'rpm' + run: | + for rpm_package in ${{ env.PACKAGE_DIRECTORY }}/rpm/SPECS/RPMS/noarch/*.rpm; do + rpmlint --ignore-unused-rpmlintrc --rpmlintrc ${{ env.PACKAGE_DIRECTORY }}/rpm/SPECS/SOURCES/$(${{ env.PRODUCT_LOW }}).rpmlintrc $rpm_package | tee -a RPM_LINT + done + if grep -qE '^(W:|E:)' RPM_LINT; then + echo "::warning Noticerpm=rpmlint::$(cat RPM_LINT | awk '/W:/ { ws += 1 } /E:/ { es += 1 } END { print "Warnings:", ws, "Errors:", es }')" + fi