From c11714b3f2039c02e06cb5a773f418a4665e5dd7 Mon Sep 17 00:00:00 2001 From: ann0see <20726856+ann0see@users.noreply.github.com> Date: Tue, 14 Feb 2023 21:55:17 +0100 Subject: [PATCH 1/2] Autobuild: Create Debian repository on release Co-authored-by: Christian Hoffmann --- .github/workflows/autobuild.yml | 86 +++++++++++++++++++++++++++++++++ 1 file changed, 86 insertions(+) diff --git a/.github/workflows/autobuild.yml b/.github/workflows/autobuild.yml index 3df4287c42..5144a45387 100644 --- a/.github/workflows/autobuild.yml +++ b/.github/workflows/autobuild.yml @@ -445,3 +445,89 @@ jobs: - name: Perform CodeQL Analysis if: matrix.config.run_codeql uses: github/codeql-action/analyze@v2 + + create_deb_repo: + name: Create files for .deb repository (if requested) + runs-on: ubuntu-22.04 + needs: [create_release, release_assets] + if: needs.create_release.outputs.publish_to_release == 'true' + # Set permissions to allow uploading artifact, uploading to release + permissions: + checks: write + contents: write + steps: + - name: Import GPG key + env: + GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} + run: | + set -eu + + [[ "${GPG_PRIVATE_KEY:-}" ]] || { + echo "Missing Github secret GPG_PRIVATE_KEY. Please set it on GitHub to enable deb repository releases." + exit 1 + } + mkdir -p gpghome + chmod 700 gpghome + echo "${GPG_PRIVATE_KEY}" | gpg --homedir gpghome --import - + # Unfortunately download-artifact action doesn't support wild card downloads. Thus downloading all artifacts + - name: Download all artifacts + uses: actions/download-artifact@v3 + with: + path: releasedl/ + - name: Create debian repository + run: | + set -eu + + # Create and cd into repo directory + mkdir repo + mv releasedl/*.deb/*.deb repo/ + pushd repo + + # create repo files + apt-ftparchive packages . > Packages + apt-ftparchive release . > Release + gpg --homedir "../gpghome" --armor --yes --clearsign --output InRelease --detach-sign Release + gpg --homedir "../gpghome" --armor --export > "key.asc" + + popd + + - name: Upload Packages file to release + id: deb-upload-packagesfile + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ needs.create_release.outputs.upload_url }} + asset_path: repo/Packages + asset_name: Packages + asset_content_type: text/plain + - name: Upload Release file to release + id: deb-upload-releasefile + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ needs.create_release.outputs.upload_url }} + asset_path: repo/Release + asset_name: Release + asset_content_type: message/rfc822 + - name: Upload InRelease file to release + id: deb-upload-inreleasefile + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ needs.create_release.outputs.upload_url }} + asset_path: repo/InRelease + asset_name: InRelease + asset_content_type: text/PGP + - name: Upload Key file to release + id: deb-upload-keyascfile + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ needs.create_release.outputs.upload_url }} + asset_path: repo/key.asc + asset_name: key.asc + asset_content_type: application/pgp-keys From 09a2e173efd8de4abfb6686b5079941e0f7a025d Mon Sep 17 00:00:00 2001 From: hoffie Date: Tue, 14 Feb 2023 22:24:04 +0100 Subject: [PATCH 2/2] Linux: Add script to install Debian repository automatically --- .github/workflows/autobuild.yml | 15 ++++++++++++--- linux/setup_repo.sh | 32 ++++++++++++++++++++++++++++++++ 2 files changed, 44 insertions(+), 3 deletions(-) create mode 100755 linux/setup_repo.sh diff --git a/.github/workflows/autobuild.yml b/.github/workflows/autobuild.yml index 5144a45387..e1955f4de2 100644 --- a/.github/workflows/autobuild.yml +++ b/.github/workflows/autobuild.yml @@ -463,18 +463,23 @@ jobs: set -eu [[ "${GPG_PRIVATE_KEY:-}" ]] || { - echo "Missing Github secret GPG_PRIVATE_KEY. Please set it on GitHub to enable deb repository releases." - exit 1 + echo "Missing Github secret GPG_PRIVATE_KEY. Please set it on GitHub to enable deb repository releases. Skipping step..." + echo "GPG_REPO_KEY_MISSING=true" >> ${GITHUB_ENV} + exit 0 } + + echo "GPG_REPO_KEY_MISSING=false" >> ${GITHUB_ENV} mkdir -p gpghome chmod 700 gpghome echo "${GPG_PRIVATE_KEY}" | gpg --homedir gpghome --import - # Unfortunately download-artifact action doesn't support wild card downloads. Thus downloading all artifacts - name: Download all artifacts + if: env.GPG_REPO_KEY_MISSING == 'false' uses: actions/download-artifact@v3 with: path: releasedl/ - - name: Create debian repository + - name: Create Debian repository + if: env.GPG_REPO_KEY_MISSING == 'false' run: | set -eu @@ -492,6 +497,7 @@ jobs: popd - name: Upload Packages file to release + if: env.GPG_REPO_KEY_MISSING == 'false' id: deb-upload-packagesfile uses: actions/upload-release-asset@v1 env: @@ -502,6 +508,7 @@ jobs: asset_name: Packages asset_content_type: text/plain - name: Upload Release file to release + if: env.GPG_REPO_KEY_MISSING == 'false' id: deb-upload-releasefile uses: actions/upload-release-asset@v1 env: @@ -512,6 +519,7 @@ jobs: asset_name: Release asset_content_type: message/rfc822 - name: Upload InRelease file to release + if: env.GPG_REPO_KEY_MISSING == 'false' id: deb-upload-inreleasefile uses: actions/upload-release-asset@v1 env: @@ -522,6 +530,7 @@ jobs: asset_name: InRelease asset_content_type: text/PGP - name: Upload Key file to release + if: env.GPG_REPO_KEY_MISSING == 'false' id: deb-upload-keyascfile uses: actions/upload-release-asset@v1 env: diff --git a/linux/setup_repo.sh b/linux/setup_repo.sh new file mode 100755 index 0000000000..933f0e5af8 --- /dev/null +++ b/linux/setup_repo.sh @@ -0,0 +1,32 @@ +#!/bin/bash + +# This script installs a Jamulus repository to Debian based systems + +if [[ ${EUID} -ne 0 ]]; then + echo "Error: This script must be run as root." + exit 1 +fi + +REPO_FILE=/etc/apt/sources.list.d/jamulus.list +KEY_FILE=/etc/apt/trusted.gpg.d/jamulus.asc +GITHUB_REPOSITORY="jamulussoftware/jamulus" + +echo "Setting up Jamulus repo at ${REPO_FILE}..." +echo "deb https://github.com/${GITHUB_REPOSITORY}/releases/latest/download/ ./" > ${REPO_FILE} +echo "Installing Jamulus GPG key at ${KEY_FILE}..." +curl --fail --show-error -sLo "${KEY_FILE}" https://github.com/${GITHUB_REPOSITORY}/releases/latest/download/key.asc + +CURL_EXITCODE=$? +if [[ ${CURL_EXITCODE} -ne 0 ]]; then + echo "Error: Download of gpg key failed. Please try again later." + exit ${CURL_EXITCODE} +fi + +echo "Running apt update..." +apt -qq update +echo "You should now be able to install a full Jamulus package via" +echo " apt install jamulus" +echo "or a server-only, dependency-reduced build via" +echo " apt install jamulus-headless" +echo +echo "This package will automatically be updated when you perform system updates."