added release action doing debuild with cloudsmith upload

volkszaehler · Apr 23, 2023 · 4e9ab17 · 4e9ab17
1 parent 7ab8642
commit 4e9ab17
Show file tree

Hide file tree

Showing 6 changed files with 223 additions and 2 deletions.
diff --git a/.github/workflows/debuild.yml b/.github/workflows/debuild.yml
@@ -0,0 +1,168 @@
+---
+# This is a copy from libsml. The idea is to merge both in the future. It is
+# however easier to develop this one standalone and later do a diff to see how
+# a common solution could look like.
+# Basically this is a fragmented bash script
+name: Debuild Release
+'on':
+  release:
+    types: published
+
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  PKG: vzlogger
+  KEYSERVER: keyserver.ubuntu.com
+  # Cloudsmith package repository
+  KEYFILE: /usr/share/keyrings/volkszaehler-volkszaehler-org-project-archive-keyring.gpg
+  CLOUDURL: https://dl.cloudsmith.io/public/volkszaehler/volkszaehler-org-project/deb/debian
+  CLOUD_KEY_ID: 21DBDAC56DF44DA1
+  REPO: volkszaehler/volkszaehler-org-project
+
+jobs:
+  debuild:
+    runs-on: ubuntu-latest
+    environment: main
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set env
+        # Here we are setting a variable from an expression.
+        run: echo "TAG_NAME=${GITHUB_REF##*/}" >> $GITHUB_ENV
+      - name: add cloudsmith repo
+        run: |
+          LISTENTRY="deb [signed-by=$KEYFILE] $CLOUDURL bookworm main"
+          echo "$LISTENTRY" | sudo tee -a /etc/apt/sources.list
+          gpg --keyserver $KEYSERVER --recv-key $CLOUD_KEY_ID
+          sudo -E gpg -v --output "$KEYFILE" --export $CLOUD_KEY_ID
+          sudo apt-get update
+      - name: install devscripts
+        run: sudo apt-get install equivs devscripts pipx
+      - name: install dependencies
+        run: sudo mk-build-deps -ri
+      - name: debuild
+        run: debuild --no-sign
+      - name: import GPG key
+        # A secret passphrase is used because the key is stored on disk where
+        # it may persist while the passphrase is not.
+        run: |
+          echo -e "$SIGNING_KEY" | \
+              gpg --batch --passphrase "$SIGNING_PASSPHRASE" --import
+          gpg --list-secret-keys
+        env:
+          SIGNING_KEY: ${{ secrets.SIGNING_KEY }}
+          SIGNING_PASSPHRASE: ${{ secrets.SIGNING_PASSPHRASE }}
+      - name: debsign
+        run: |
+          debsign -k"$SIGNING_KEY_ID" -p"gpg --batch --pinentry-mode loopback \
+              --passphrase $SIGNING_PASSPHRASE"
+        env:
+          SIGNING_PASSPHRASE: ${{ secrets.SIGNING_PASSPHRASE }}
+          # This is not a secret, but we want to have all signing
+          # configuration in one place
+          SIGNING_KEY_ID: ${{ secrets.SIGNING_KEY_ID }}
+      - name: upload as Release
+        run: |
+          set -x
+          assets=()
+          for asset in ../$PKG*.{tar.xz,dsc}; do
+            assets+=("-a" "$asset")
+          done
+          hub release edit "${assets[@]}" -m "$TAG_NAME" "$TAG_NAME"
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: upload to Cloudsmith
+        run: |
+            pipx install cloudsmith-cli
+            VERSION="${GITHUB_REF##*/v}"
+            DESCRIPTION_FILE="../${PKG}_$VERSION.dsc"
+            cloudsmith push deb ${REPO}/debian/any-version "$DESCRIPTION_FILE" \
+                --sources-file=$(dcmd --orig "$DESCRIPTION_FILE")
+        env:
+          CLOUDSMITH_API_KEY: ${{ secrets.CLOUDSMITH_API_KEY }}
+
+  pbuilder:
+    needs: debuild
+    strategy:
+      matrix:
+        architecture: [armhf, arm64, amd64]
+        distribution: [bookworm, bullseye]
+    runs-on: ubuntu-latest
+    environment: main
+    env:
+      PBRT: /var/cache/pbuilder
+    steps:
+      - name: install pbuilder
+        run: |
+          sudo apt-get install pbuilder qemu-user-static \
+            debian-archive-keyring
+        # Needed for the release download
+      - uses: actions/checkout@v2
+      - name: Set env
+        # Here we are setting a variable from an expression.
+        run: echo "TAG_NAME=${GITHUB_REF##*/}" >> $GITHUB_ENV
+      - name: download source release
+        run: |
+          set -x
+          hub release download "$TAG_NAME"
+          ls -l
+      - name: configure pbuilder
+        run: |
+          echo "MIRRORSITE=http://ftp2.de.debian.org/debian/
+          HOOKDIR=$PBRT/hooks" | \
+            sudo tee /root/.pbuilderrc
+          sudo mkdir -p $PBRT/hooks
+          echo "#!/bin/sh
+          apt-get -y install gnupg debian-archive-keyring ca-certificates
+          apt-key adv --keyserver $KEYSERVER --recv-keys $SIGNING_KEY_ID" | \
+            sudo tee $PBRT/hooks/G70Keys
+          sudo chmod a+x $PBRT/hooks/G70Keys
+          # OTHERMIRRORS can't do signed-by
+          echo "#!/bin/sh
+          LISTENTRY=\"deb [signed-by=$KEYFILE] $CLOUDURL ${{ matrix.distribution }} main\"
+          gpg --keyserver $KEYSERVER --recv-key $CLOUD_KEY_ID
+          gpg -v --output '$KEYFILE' --export $CLOUD_KEY_ID
+          echo \"\$LISTENTRY\" >> /etc/apt/sources.list
+          apt-get update" | \
+            sudo tee $PBRT/hooks/E70Keys
+          sudo chmod a+x $PBRT/hooks/E70Keys
+        env:
+          # This is not a secret, but we want to have all signing
+          # configuration in one place
+          SIGNING_KEY_ID: ${{ secrets.SIGNING_KEY_ID }}
+      - name: create bootstrap
+        run: |
+          sudo pbuilder create --architecture ${{ matrix.architecture }} \
+                 --distribution ${{ matrix.distribution }} \
+                 --debootstrap qemu-debootstrap \
+                 --basetgz $PBRT/current.tgz \
+                 --debootstrapopts --keyring=/usr/share/keyrings/debian-archive-keyring.gpg
+      - name: pbuild ${{ matrix.architecture }} ${{ matrix.distribution }}
+        # https://stackoverflow.com/questions/70435286/resource-not-accessible-by-integration-on-github-post-repos-owner-repo-ac
+        run: |
+          VERSION="${GITHUB_REF##*/v}"
+          sudo pbuilder build \
+                 --architecture  ${{ matrix.architecture }} \
+                 --basetgz $PBRT/current.tgz ${PKG}_$VERSION.dsc
+      - name: upload as Release
+        run: |
+          set -x
+          if [[ "${{ matrix.distribution }}" != bookworm ]]; then
+            exit
+          fi
+          assets=()
+          for asset in $PBRT/result/${PKG}*_${{ matrix.architecture }}.{deb,changes,buildinfo}; do
+            assets+=("-a" "$asset")
+          done
+          hub release edit "${assets[@]}" -m "$TAG_NAME" "$TAG_NAME"
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: upload to Cloudsmith
+        run: |
+            pipx install cloudsmith-cli
+            VERSION="${GITHUB_REF##*/v}"
+            CHANGES_FILE="$PBRT/result/${PKG}_${VERSION}_${{ matrix.architecture }}.changes"
+            for DEB in $(dcmd --deb $CHANGES_FILE); do
+                cloudsmith push deb \
+                    ${REPO}/debian/${{ matrix.distribution }} "$DEB"
+            done
+        env:
+          CLOUDSMITH_API_KEY: ${{ secrets.CLOUDSMITH_API_KEY }}
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -11,7 +11,7 @@ ENDIF()
 
 set(VZLOGGER_MAJOR_VERSION 0)
 set(VZLOGGER_MINOR_VERSION 8)
-set(VZLOGGER_SUB_VERSION   1)
+set(VZLOGGER_SUB_VERSION 1)
 set(VERSION_SEP "-")
 set(VZLOGGER_SHORT_VERSION "${VZLOGGER_MAJOR_VERSION}${VERSION_SEP}${VZLOGGER_MINOR_VERSION}")
 set(VZLOGGER_VERSION "${VZLOGGER_SHORT_VERSION}${VERSION_SEP}${VZLOGGER_SUB_VERSION}")

diff --git a/GITHUB_RELEASE.txt b/GITHUB_RELEASE.txt
@@ -0,0 +1,20 @@
+
+How to do a Github Release
+
+Running debuild sets the version in CMakeLists.txt from the one in 
+debian/changelog. This then has to be commited.
+
+To do a Github release that triggers the debuild action you have to create a
+version tag v<version>. This version must match the version in first line of 
+the debian/changelog. The tag must have a v prefix.
+
+So as a step by step guide this is:
+1. Make a debian/changelog entry for the new version. This can be done with
+   dch -v <version>.
+2. Run debuild followed by add -u; commit -m "v<version>" and bring that 
+   commit into the master branch.
+3. Create a tag v<version> in Github.
+4. Create a release from that tag. The release action that is triggered will 
+   create the packages and upload them to the cloudsmith repo. This will take
+   about an hour.
+
diff --git a/README.md b/README.md
@@ -43,6 +43,29 @@ You can start it:
 where /home/pi/projects/vzlogger-docker is the path to the directory containing the vzlogger.conf file and
 /dev/serial/by-id/usb-FTDI_FT230X_Basic_UART_D30A8U6N-if00-port0 is your device. You can pass several devices if you have them.
 
+Debian Packages
+-------------
+
+[![Hosted By: Cloudsmith](https://img.shields.io/badge/OSS%20hosting%20by-cloudsmith-blue?logo=cloudsmith&style=flat-square)](https://cloudsmith.com)
+
+We now build debian packages for amd64, armhf and arm64 as part of our releases.
+The ones attached to the release are meant for bookworm. These and packages for 
+bullseye are also provided through a repository graciously provided by 
+[Cloudsmith](https://cloudsmith.com).
+
+The setup of the repository is also 
+[explained by Cloudsmith](https://cloudsmith.io/~volkszaehler/repos/volkszaehler-org-project/setup/#formats-deb).
+This boils down to adding a file to /etc/apt/sources.list.d/ containing
+```
+deb [signed-by=/usr/share/keyrings/volkszaehler-volkszaehler-org-project-archive-keyring.gpg] https://dl.cloudsmith.io/public/volkszaehler/volkszaehler-org-project/deb/debian bookworm main
+deb-src [signed-by=/usr/share/keyrings/volkszaehler-volkszaehler-org-project-archive-keyring.gpg] https://dl.cloudsmith.io/public/volkszaehler/volkszaehler-org-project/deb/debian bookworm main
+```
+and retrieving the key as a trusted one
+```
+curl -1sLf "https://dl.cloudsmith.io/public/volkszaehler/volkszaehler-org-project/gpg.21DBDAC56DF44DA1.key" | \
+	gpg --dearmor > /usr/share/keyrings/volkszaehler-volkszaehler-org-project-archive-keyring.gpg
+```
+
 Mailing List
 -------------
 If you have questions, contact the volkszaehler mailing lists:

diff --git a/debian/control b/debian/control
@@ -4,7 +4,7 @@ Priority: optional
 Maintainer: Joachim Zobel <[email protected]>
 Build-Depends: debhelper (>= 13), pkg-config (>= 0.25), 
  libjson-c-dev (>= 0.9), libcurl4-openssl-dev (>= 7.19),
- libmicrohttpd-dev (>= 0.4.6), libsml-dev (>= 0.1.1), cmake, libsasl2-dev,
+ libmicrohttpd-dev (>= 0.4.6), libsml-dev (>= 1.0), cmake, libsasl2-dev,
  libssl-dev, libgcrypt-dev, libgnutls28-dev, uuid-dev, libunistring-dev,
  libgmock-dev, libgtest-dev, pandoc
 Standards-Version: 4.6.1

diff --git a/debian/rules b/debian/rules
@@ -9,6 +9,16 @@
 # Uncomment this to turn on verbose mode.
 #export DH_VERBOSE=1
 
+VERSION=$(shell dpkg-parsechangelog --show-field Version 2>/dev/null | cut -f1 -d-)
+VERSION1=$(shell echo ${VERSION} | cut -f1 -d.)
+VERSION2=$(shell echo ${VERSION} | cut -f2 -d.)
+VERSION3=$(shell echo ${VERSION} | cut -f3 -d.)
+
+execute_before_dh_auto_configure:
+	sed -i "s#set(VZLOGGER_MAJOR_VERSION.*)#set(VZLOGGER_MAJOR_VERSION ${VERSION1})#" CMakeLists.txt
+	sed -i "s#set(VZLOGGER_MINOR_VERSION.*)#set(VZLOGGER_MINOR_VERSION ${VERSION2})#" CMakeLists.txt
+	sed -i "s#set(VZLOGGER_SUB_VERSION.*)#set(VZLOGGER_SUB_VERSION ${VERSION3})#" CMakeLists.txt
+
 ifneq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
 override_dh_auto_configure:
 	dh_auto_configure -- -DBUILD_TEST=off