diff --git a/.github/workflows/autobuild.yml b/.github/workflows/autobuild.yml index 3df4287c42..e1955f4de2 100644 --- a/.github/workflows/autobuild.yml +++ b/.github/workflows/autobuild.yml @@ -445,3 +445,98 @@ jobs: - name: Perform CodeQL Analysis if: matrix.config.run_codeql uses: github/codeql-action/analyze@v2 + + create_deb_repo: + name: Create files for .deb repository (if requested) + runs-on: ubuntu-22.04 + needs: [create_release, release_assets] + if: needs.create_release.outputs.publish_to_release == 'true' + # Set permissions to allow uploading artifact, uploading to release + permissions: + checks: write + contents: write + steps: + - name: Import GPG key + env: + GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} + run: | + set -eu + + [[ "${GPG_PRIVATE_KEY:-}" ]] || { + echo "Missing Github secret GPG_PRIVATE_KEY. Please set it on GitHub to enable deb repository releases. Skipping step..." + echo "GPG_REPO_KEY_MISSING=true" >> ${GITHUB_ENV} + exit 0 + } + + echo "GPG_REPO_KEY_MISSING=false" >> ${GITHUB_ENV} + mkdir -p gpghome + chmod 700 gpghome + echo "${GPG_PRIVATE_KEY}" | gpg --homedir gpghome --import - + # Unfortunately download-artifact action doesn't support wild card downloads. Thus downloading all artifacts + - name: Download all artifacts + if: env.GPG_REPO_KEY_MISSING == 'false' + uses: actions/download-artifact@v3 + with: + path: releasedl/ + - name: Create Debian repository + if: env.GPG_REPO_KEY_MISSING == 'false' + run: | + set -eu + + # Create and cd into repo directory + mkdir repo + mv releasedl/*.deb/*.deb repo/ + pushd repo + + # create repo files + apt-ftparchive packages . > Packages + apt-ftparchive release . > Release + gpg --homedir "../gpghome" --armor --yes --clearsign --output InRelease --detach-sign Release + gpg --homedir "../gpghome" --armor --export > "key.asc" + + popd + + - name: Upload Packages file to release + if: env.GPG_REPO_KEY_MISSING == 'false' + id: deb-upload-packagesfile + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ needs.create_release.outputs.upload_url }} + asset_path: repo/Packages + asset_name: Packages + asset_content_type: text/plain + - name: Upload Release file to release + if: env.GPG_REPO_KEY_MISSING == 'false' + id: deb-upload-releasefile + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ needs.create_release.outputs.upload_url }} + asset_path: repo/Release + asset_name: Release + asset_content_type: message/rfc822 + - name: Upload InRelease file to release + if: env.GPG_REPO_KEY_MISSING == 'false' + id: deb-upload-inreleasefile + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ needs.create_release.outputs.upload_url }} + asset_path: repo/InRelease + asset_name: InRelease + asset_content_type: text/PGP + - name: Upload Key file to release + if: env.GPG_REPO_KEY_MISSING == 'false' + id: deb-upload-keyascfile + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ needs.create_release.outputs.upload_url }} + asset_path: repo/key.asc + asset_name: key.asc + asset_content_type: application/pgp-keys diff --git a/linux/setup_repo.sh b/linux/setup_repo.sh new file mode 100755 index 0000000000..933f0e5af8 --- /dev/null +++ b/linux/setup_repo.sh @@ -0,0 +1,32 @@ +#!/bin/bash + +# This script installs a Jamulus repository to Debian based systems + +if [[ ${EUID} -ne 0 ]]; then + echo "Error: This script must be run as root." + exit 1 +fi + +REPO_FILE=/etc/apt/sources.list.d/jamulus.list +KEY_FILE=/etc/apt/trusted.gpg.d/jamulus.asc +GITHUB_REPOSITORY="jamulussoftware/jamulus" + +echo "Setting up Jamulus repo at ${REPO_FILE}..." +echo "deb https://github.com/${GITHUB_REPOSITORY}/releases/latest/download/ ./" > ${REPO_FILE} +echo "Installing Jamulus GPG key at ${KEY_FILE}..." +curl --fail --show-error -sLo "${KEY_FILE}" https://github.com/${GITHUB_REPOSITORY}/releases/latest/download/key.asc + +CURL_EXITCODE=$? +if [[ ${CURL_EXITCODE} -ne 0 ]]; then + echo "Error: Download of gpg key failed. Please try again later." + exit ${CURL_EXITCODE} +fi + +echo "Running apt update..." +apt -qq update +echo "You should now be able to install a full Jamulus package via" +echo " apt install jamulus" +echo "or a server-only, dependency-reduced build via" +echo " apt install jamulus-headless" +echo +echo "This package will automatically be updated when you perform system updates."