Delegate packages.element.io to its own repo (#604

* Move element-io-archive-keyring

* Move debian conf

* Move packages.element.io

* Delegate reprepro to packages.element.io

* Iterate

* Stash

* Iterate

* Iterate

* Iterate
Michael Telatynski
2023-04-14 11:30:14 +01:00
committed by GitHub
parent 005ab48f18
commit 1e5932cea2
63 changed files with 43 additions and 2269 deletions


@@ -41,7 +41,7 @@ on:
default: true
concurrency: ${{ github.workflow }}
env:
R2_BUCKET: "packages-element-io"
R2_BUCKET: ${{ vars.R2_BUCKET }}
jobs:
prepare:
uses: ./.github/workflows/build_prepare.yaml
@@ -52,7 +52,6 @@ jobs:
secrets:
CF_R2_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }}
CF_R2_TOKEN: ${{ secrets.CF_R2_TOKEN }}
CF_R2_S3_API: ${{ secrets.CF_R2_S3_API }}
windows_32bit:
if: github.event_name != 'workflow_dispatch' || inputs.windows_32bit
@@ -140,9 +139,16 @@ jobs:
env:
AWS_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_TOKEN }}
R2_URL: ${{ secrets.CF_R2_S3_API }}
R2_URL: ${{ vars.CF_R2_S3_API }}
DEPLOYMENT_DIR: ${{ inputs.mode == 'release' && 'desktop' || 'nightly' }}
- name: Notify packages.element.io of new files
uses: peter-evans/repository-dispatch@26b39ed245ab8f31526069329e112ab2fb224588 # v2
with:
token: ${{ secrets.ELEMENT_BOT_TOKEN }}
repository: vector-im/packages.element.io
event-type: packages-index
reprepro:
needs:
- linux
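Review bot: The new "Notify packages.element.io of new files" step hands `secrets.ELEMENT_BOT_TOKEN` to a third-party action with no record of what that token is permitted to do; the same token is used for the `reprepro-incoming` dispatch in the last file section. Pinning the action to a commit SHA is the right call, and a comment above `token:` such as `# needs only enough access to send repository_dispatch to vector-im/packages.element.io` would document the least-privilege expectation for whoever rotates it. The step also only confirms that the dispatch event was accepted, not that the index was rebuilt, so a failure in the receiving workflow will presumably not show up in this run. The enclosing job starts outside the hunk, so any condition guarding the step is not visible here.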


@@ -1,53 +0,0 @@
name: Build Keyring package
on:
workflow_dispatch:
inputs:
deploy:
description: Deploy artifacts
required: true
type: boolean
default: true
fingerprint:
description: The expected gpg fingerprint
required: true
type: string
concurrency: ${{ github.workflow }}
jobs:
build:
name: Build Keyring package
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Prepare
run: |
mkdir -p element-io-archive-keyring/usr/share/keyrings/
cp packages.element.io/debian/element-io-archive-keyring.gpg element-io-archive-keyring/usr/share/keyrings/element-io-archive-keyring.gpg
- name: Check fingerprint
run: |
gpg --import element-io-archive-keyring/usr/share/keyrings/element-io-archive-keyring.gpg
gpg --fingerprint "$FINGERPRINT"
env:
FINGERPRINT: ${{ inputs.fingerprint }}
- name: Build deb package
run: |
chmod u=rw,go=r element-io-archive-keyring/usr/share/keyrings/element-io-archive-keyring.gpg
dpkg-deb -Zxz --root-owner-group --build element-io-archive-keyring element-io-archive-keyring.deb
- name: Upload Artifact
uses: actions/upload-artifact@v3
with:
name: element-io-archive-keyring
path: "*.deb"
retention-days: 1
reprepro:
needs: build
name: Run reprepro
if: inputs.deploy
uses: ./.github/workflows/reprepro.yaml
secrets: inherit
with:
artifact-name: element-io-archive-keyring


@@ -22,9 +22,6 @@ on:
# Required if `nightly` is set
CF_R2_TOKEN:
required: false
# Required if `nightly` is set
CF_R2_S3_API:
required: false
outputs:
macos-version:
description: "The version string the next macOS Nightly should use, only output for nightly"
@@ -84,8 +81,8 @@ jobs:
env:
AWS_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_TOKEN }}
R2_BUCKET: "packages-element-io"
R2_URL: ${{ secrets.CF_R2_S3_API }}
R2_BUCKET: ${{ vars.R2_BUCKET }}
R2_URL: ${{ vars.CF_R2_S3_API }}
- name: Check version
id: package
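Review bot: `${{ vars.R2_BUCKET }}` and `${{ vars.CF_R2_S3_API }}` evaluate to an empty string when the variable is not defined, for instance in a fork or when it is defined only on an environment the job does not declare, and the hard-coded bucket name that previously acted as a fallback is gone. A guard at the top of the step's script, `: "${R2_BUCKET:?R2_BUCKET is not set}" "${R2_URL:?CF_R2_S3_API is not set}"`, would fail fast with a clear message instead of calling the S3 API with empty arguments. The same substitution appears in the workflow-level `env:` of the first file section and the job-level `env:` of the last one; the workflow-level one is evaluated before any job environment is selected, so it presumably relies on a repository- or organisation-level variable. Unlike secrets, variables are not masked in logs, so the endpoint URL may now appear in clear in run output. The step's `run:` script is outside the hunk.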


@@ -1,49 +0,0 @@
name: Generate packages.element.io directory indexes
on:
# Trigger a rebuild of all indexes if the template gets updated
push:
branches: [develop]
paths:
- "packages.element.io/**"
# Trigger a daily rebuild for (mac-mini built) Nightly builds
schedule:
- cron: "0 11 * * *"
# Trigger after Nightly builds are deployed
workflow_run:
workflows: ["Build and Deploy"]
types:
- completed
# Manual trigger for rebuilding for releases
workflow_dispatch: {}
jobs:
deploy:
name: "Deploy"
if: github.event_name != 'workflow_run' || github.event.workflow_run.conclusion == 'success'
runs-on: ubuntu-latest
environment: packages.element.io
env:
R2_BUCKET: "packages-element-io"
R2_URL: ${{ secrets.CF_R2_S3_API }}
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
cache: "yarn"
- name: Install Deps
run: "yarn install --pure-lockfile"
- name: Copy static files
if: github.event_name == 'push'
run: aws s3 cp --recursive packages.element.io/ s3://$R2_BUCKET/ --endpoint-url $R2_URL --region auto
env:
AWS_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_TOKEN }}
- name: Generate directory indexes
run: scripts/generate-packages-index.ts
env:
CF_R2_S3_API: ${{ secrets.CF_R2_S3_API }}
CF_R2_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }}
CF_R2_TOKEN: ${{ secrets.CF_R2_TOKEN }}


@@ -4,18 +4,14 @@ on:
artifact-name:
type: string
required: true
description: "The name of the artifact containing the debs to include"
description: "The name of the artifact containing the deb to include"
secrets:
GPG_PRIVATE_KEY:
required: false
GPG_PASSPHRASE:
required: false
ELEMENT_BOT_TOKEN:
required: true
CF_R2_ACCESS_KEY_ID:
required: false
required: true
CF_R2_TOKEN:
required: false
CF_R2_S3_API:
required: false
required: true
# Protect reprepro database using concurrency
concurrency: reprepro
jobs:
@@ -24,68 +20,29 @@ jobs:
environment: packages.element.io
runs-on: ubuntu-latest
env:
R2_BUCKET: "packages-element-io"
R2_DB_BUCKET: packages-element-io-db
R2_URL: ${{ secrets.CF_R2_S3_API }}
R2_INCOMING_BUCKET: ${{ vars.R2_INCOMING_BUCKET }}
R2_URL: ${{ vars.CF_R2_S3_API }}
steps:
- uses: actions/checkout@v3
- name: Download artifacts
- name: Download artifact
uses: actions/download-artifact@v3
with:
name: ${{ inputs.artifact-name }}
path: dist
- name: Load GPG key
uses: crazy-max/ghaction-import-gpg@111c56156bcc6918c056dbef52164cfa583dc549 # v5
- name: Upload incoming deb
id: upload
run: |
deb="$(ls dist/*.deb | tail -n1)"
echo "incoming=$deb" >> $GITHUB_OUTPUT
aws s3 cp "$deb" "s3://$R2_INCOMING_BUCKET" --endpoint-url "$R2_URL" --region auto
env:
AWS_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_TOKEN }}
- name: Notify packages.element.io of incoming deb
uses: peter-evans/repository-dispatch@26b39ed245ab8f31526069329e112ab2fb224588 # v2
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.GPG_PASSPHRASE }}
fingerprint: 75741890063E5E9A46135D01C2850B265AC085BD
- name: Install reprepro
run: sudo apt-get install -y reprepro
- name: Fetch database
run: aws s3 cp --recursive s3://$R2_DB_BUCKET debian/db/ --endpoint-url $R2_URL --region auto
env:
AWS_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_TOKEN }}
- name: Run reprepro
run: |
grep Codename debian/conf/distributions | sed -n 's/Codename: //p' | while read -r target ; do
reprepro -b debian includedeb "$target" ./dist/*.deb
done
- name: Check repository works
run: |
# Download signing keyring
sudo wget -O /usr/share/keyrings/element-io-archive-keyring.gpg https://packages.element.io/debian/element-io-archive-keyring.gpg
# Point apt at local apt repo
echo "deb [signed-by=/usr/share/keyrings/element-io-archive-keyring.gpg] http://127.0.0.1:8000/debian/ default main" | sudo tee /etc/apt/sources.list.d/element-io.list
# Start http server and fetch from it via apt
python3 -m http.server 8000 --bind 127.0.0.1 &
sudo apt-get update --allow-insecure-repositories
killall python3
# Validate the package in the repo quacks like the one we expect
info=$(dpkg --info ../dist/*.deb)
package=$(echo "$info" | grep "Package:" | sed -n 's/ Package: //p')
version=$(echo "$info" | grep "Version:" | sed -n 's/ Version: //p')
apt-cache show "$package" | grep "Version: $version"
working-directory: ./packages.element.io
- name: Deploy debian repo
run: |
aws s3 cp --recursive packages.element.io/debian/ s3://$R2_BUCKET/debian --endpoint-url $R2_URL --region auto
env:
AWS_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_TOKEN }}
- name: Store database
run: aws s3 cp --recursive debian/db/ s3://$R2_DB_BUCKET --endpoint-url $R2_URL --region auto
env:
AWS_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_TOKEN }}
token: ${{ secrets.ELEMENT_BOT_TOKEN }}
repository: vector-im/packages.element.io
event-type: reprepro-incoming
client-payload: '{"incoming": "${{ steps.upload.outputs.incoming }}"}'
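Review bot: The `incoming` value sent in `client-payload` is the runner-local path (`dist/<file>.deb`) rather than the object key, and it is spliced into the JSON string unescaped. `aws s3 cp "$deb" "s3://$R2_INCOMING_BUCKET"` most likely stores the object under the bare file name, so emitting `echo "incoming=$(basename "$deb")" >> "$GITHUB_OUTPUT"` would make the payload match the key and keeps the redirect target quoted. Because signing presumably now happens in the other repository on whatever object this field names, it would help to also pass a digest, e.g. `echo "sha256=$(sha256sum "$deb" | cut -d' ' -f1)" >> "$GITHUB_OUTPUT"`, and have the receiver verify it and validate the name before the file reaches reprepro. `ls dist/*.deb | tail -n1` also silently picks a single file if the artifact ever contains more than one deb.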