ffsend/.gitlab-ci.yml
2023-08-20 17:48:39 +02:00

391 lines
14 KiB
YAML

# GitLab CI configuration for ffsend builds, tests and releases
#
# To add a new release:
# - configure a new 'build-*' job with the proper target
# - export a build artifact from the new job
# - manually upload artifact to GitHub in the 'github-release' job
image: "rust:slim"
stages:
- check
- build
- test
- release
- package
# Variable defaults
variables:
RUST_VERSION: stable
RUST_TARGET: x86_64-unknown-linux-gnu
# Cache rust/cargo/build artifacts
cache:
key: "$CI_PIPELINE_ID-$RUST_VERSION"
paths:
- /usr/local/cargo/registry/
- /usr/local/rustup/toolchains/
- /usr/local/rustup/update-hashes/
- target/
# Install compiler and OpenSSL dependencies
before_script:
- apt-get update
- apt-get install -y --no-install-recommends build-essential pkg-config libssl-dev
- |
rustup install $RUST_VERSION
rustup default $RUST_VERSION
- |
rustc --version
cargo --version
# Check on stable, beta and nightly
.check-base: &check-base
stage: check
script:
- cargo check --verbose
- cargo check --no-default-features --features send3,crypto-ring --verbose
- cargo check --no-default-features --features send2,crypto-openssl --verbose
- cargo check --no-default-features --features send3,crypto-openssl --verbose
- cargo check --no-default-features --features send2,send3,crypto-openssl --verbose
- cargo check --no-default-features --features send3,crypto-ring,archive --verbose
- cargo check --no-default-features --features send3,crypto-ring,history --verbose
- cargo check --no-default-features --features send3,crypto-ring,qrcode --verbose
- cargo check --no-default-features --features send3,crypto-ring,urlshorten --verbose
- cargo check --no-default-features --features send3,crypto-ring,infer-command --verbose
- cargo check --features no-color --verbose
check-stable:
<<: *check-base
check-beta:
<<: *check-base
variables:
RUST_VERSION: beta
check-nightly:
<<: *check-base
variables:
RUST_VERSION: nightly
check-msrv:
<<: *check-base
variables:
RUST_VERSION: "1.63.0"
# Build using Rust stable
build-x86_64-linux-gnu:
stage: build
needs: []
script:
- cargo build --target=$RUST_TARGET --release --verbose
- mv target/$RUST_TARGET/release/ffsend ./ffsend-$RUST_TARGET
- strip -g ./ffsend-$RUST_TARGET
artifacts:
name: ffsend-x86_64-linux-gnu
paths:
- ffsend-$RUST_TARGET
expire_in: 1 month
# Build a static version
build-x86_64-linux-musl:
stage: build
needs: []
variables:
RUST_TARGET: x86_64-unknown-linux-musl
script:
# Install the static target
- rustup target add $RUST_TARGET
# Build OpenSSL statically
- apt-get install -y build-essential wget musl-tools
- wget https://www.openssl.org/source/old/1.1.1/openssl-1.1.1k.tar.gz
- tar xzvf openssl-1.1.1k.tar.gz
- cd openssl-1.1.1k
- ./config no-async -fPIC --openssldir=/usr/local/ssl --prefix=/usr/local
- make
- make install
- cd ..
# Statically build ffsend
- export OPENSSL_STATIC=1
- export OPENSSL_LIB_DIR=/usr/local/lib
- export OPENSSL_INCLUDE_DIR=/usr/local/include
- cargo build --target=$RUST_TARGET --release --verbose
# Prepare the release artifact, strip it
- find . -name ffsend -exec ls -lah {} \;
- mv target/$RUST_TARGET/release/ffsend ./ffsend-$RUST_TARGET
- strip -g ./ffsend-$RUST_TARGET
artifacts:
name: ffsend-x86_64-linux-musl
paths:
- ffsend-$RUST_TARGET
expire_in: 1 month
# Run the unit tests through Cargo
test-cargo:
stage: test
needs: []
dependencies: []
script:
- cargo test --verbose
# Run integration test with the public Send service
test-public:
image: alpine:latest
stage: test
dependencies:
- build-x86_64-linux-musl
variables:
GIT_STRATEGY: none
RUST_TARGET: x86_64-unknown-linux-musl
before_script: []
script:
# Prepare ffsend binary, create random file
- mv ./ffsend-$RUST_TARGET ./ffsend
- chmod a+x ./ffsend
- head -c1m </dev/urandom >test.txt
# Generate random file, upload/download and assert equality
- ./ffsend upload test.txt -I
- ./ffsend download $(./ffsend history -q) -I -o=download.txt
- "cmp -s ./test.txt ./download.txt || (echo ERROR: Downloaded file is different than original; exit 1)"
- rm ./download.txt
# Cargo crate release
release-crate:
stage: release
dependencies: []
only:
- /^v(\d+\.)*\d+$/
script:
- echo "Creating release crate to publish on crates.io..."
- echo $CARGO_TOKEN | cargo login
- echo "Publishing crate to crates.io..."
- cargo publish --verbose --allow-dirty
# Snap release
release-snap:
image: snapcore/snapcraft:stable
stage: release
dependencies: []
only:
- /^v(\d+\.)*\d+$/
before_script: []
script:
# Prepare the environment
- apt-get update -y
- apt-get install python3 -yqq
- cd pkg/snap
# Update version number in snapcraft.yaml
- VERSION=$(echo $CI_COMMIT_REF_NAME | cut -c 2-)
- echo "Determined binary version number 'v$VERSION', updating snapcraft.yaml..."
- 'sed "s/^version:.*\$/version: $VERSION/" -i snapcraft.yaml'
- 'sed "s/^pkgver=.*\$/pkgver=$VERSION/" -i snapcraft.yaml'
# Build the package
- echo "Building snap package..."
- snapcraft
# Publish snap package
- echo "Publishing snap package..."
- echo "$SNAPCRAFT_LOGIN" | base64 -d > snapcraft.login
- snapcraft whoami
- snapcraft push --release=stable ffsend_*_amd64.snap
artifacts:
name: ffsend-snap-x86_64
paths:
- pkg/snap/ffsend_*_amd64.snap
expire_in: 1 month
# Publish release binaries to as GitHub release
release-github:
stage: release
only:
- /^v(\d+\.)*\d+$/
dependencies:
- build-x86_64-linux-gnu
- build-x86_64-linux-musl
before_script: []
script:
# Install dependencies
- apt-get update
- apt-get install -y curl wget gzip netbase
# Download github-release binary
- wget https://github.com/tfausak/github-release/releases/download/1.2.5/github-release-linux.gz -O github-release.gz
- gunzip github-release.gz
- chmod a+x ./github-release
# Create the release, upload binaries
- ./github-release release --token "$GITHUB_TOKEN" --owner timvisee --repo ffsend --tag "$CI_COMMIT_REF_NAME" --title "ffsend $CI_COMMIT_REF_NAME"
- ./github-release upload --token "$GITHUB_TOKEN" --owner timvisee --repo ffsend --tag "$CI_COMMIT_REF_NAME" --file ./ffsend-x86_64-unknown-linux-gnu --name ffsend-$CI_COMMIT_REF_NAME-linux-x64
- ./github-release upload --token "$GITHUB_TOKEN" --owner timvisee --repo ffsend --tag "$CI_COMMIT_REF_NAME" --file ./ffsend-x86_64-unknown-linux-musl --name ffsend-$CI_COMMIT_REF_NAME-linux-x64-static
# Publish a Docker image
release-docker:
image: docker:git
stage: release
only:
- /^v(\d+\.)*\d+$/
dependencies:
- build-x86_64-linux-musl
services:
- docker:dind
variables:
RUST_TARGET: x86_64-unknown-linux-musl
DOCKER_HOST: tcp://docker:2375
# DOCKER_DRIVER: overlay2
before_script: []
script:
# Place binary in Docker directory, change to it
- mv ./ffsend-$RUST_TARGET ./pkg/docker/ffsend
- cd ./pkg/docker
# Build the Docker image, run it once to test
- docker build -t timvisee/ffsend:latest ./
- docker run --rm timvisee/ffsend:latest -V
# Retag version
- VERSION=$(echo $CI_COMMIT_REF_NAME | cut -c 2-)
- echo "Determined Docker image version number 'v$VERSION', retagging image..."
- docker tag timvisee/ffsend:latest timvisee/ffsend:$VERSION
# Authenticate and push the Docker images
- echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USER" --password-stdin
- docker push timvisee/ffsend:$VERSION
- docker push timvisee/ffsend:latest
# AUR packages release
package-aur:
image: archlinux
stage: package
needs:
- release-github
dependencies: []
only:
- /^v(\d+\.)*\d+$/
before_script: []
script:
- cd ./pkg/aur
# Determine the version number we're releasing for
- VERSION=$(echo $CI_COMMIT_REF_NAME | cut -c 2-)
- echo "Determined binary version number 'v$VERSION'"
# Determine remote URLs and SHA checksums
- echo "Determining SHA checksums for remote files..."
- URL_BIN=https://github.com/timvisee/ffsend/releases/download/v$VERSION/ffsend-v$VERSION-linux-x64-static
- URL_SOURCE=https://gitlab.com/timvisee/ffsend/-/archive/v$VERSION/ffsend-v$VERSION.tar.gz
- URL_BASH_COMPLETION=https://gitlab.com/timvisee/ffsend/raw/v$VERSION/contrib/completions/ffsend.bash
- URL_ZSH_COMPLETION=https://gitlab.com/timvisee/ffsend/raw/v$VERSION/contrib/completions/_ffsend
- URL_FISH_COMPLETION=https://gitlab.com/timvisee/ffsend/raw/v$VERSION/contrib/completions/ffsend.fish
- URL_LICENSE=https://gitlab.com/timvisee/ffsend/raw/v$VERSION/LICENSE
- 'echo "Selected binary URL: $URL_BIN"'
- 'echo "Selected source URL: $URL_SOURCE"'
- echo "Determining sha256sum for remote binary..."
- 'SHA_BIN=$(curl -sSL "$URL_BIN" | sha256sum | cut -d" " -f1)'
- 'echo "Got sha256sum: $SHA_BIN"'
- 'SHA_BASH_COMPLETION=$(curl -sSL "$URL_BASH_COMPLETION" | sha256sum | cut -d" " -f1)'
- 'echo "Got sha256sums of bash completion: $SHA_BASH_COMPLETION"'
- 'SHA_ZSH_COMPLETION=$(curl -sSL "$URL_ZSH_COMPLETION" | sha256sum | cut -d" " -f1)'
- 'echo "Got sha256sums of ZSH completion: $SHA_ZSH_COMPLETION"'
- 'SHA_FISH_COMPLETION=$(curl -sSL "$URL_FISH_COMPLETION" | sha256sum | cut -d" " -f1)'
- 'echo "Got sha256sums of fish completion: $SHA_FISH_COMPLETION"'
- 'SHA_LICENSE=$(curl -sSL "$URL_LICENSE" | sha256sum | cut -d" " -f1)'
- 'echo "Got sha256sums of LICENSE: $SHA_LICENSE"'
- echo "Determining sha256sum for remote source..."
- 'SHA_SOURCE=$(curl -sSL "$URL_SOURCE" | sha256sum | cut -d" " -f1)'
- 'echo "Got sha256sum: $SHA_SOURCE"'
# Update PKGBUILD parameters: version, source URL and SHA sum
- echo "Updating PKGBUILDS with release information..."
- sed "s/^pkgver=.*\$/pkgver=$VERSION/" -i ffsend/PKGBUILD
- sed "s/^pkgver=.*\$/pkgver=$VERSION/" -i ffsend-bin/PKGBUILD
- sed "s/^pkgver=.*\$/pkgver=$VERSION.$CI_COMMIT_SHORT_SHA/" -i ffsend-git/PKGBUILD
- sed "s/^source=(\".*\").*\$/source=(\"$(echo $URL_SOURCE | sed 's/\//\\\//g')\")/" -i ffsend/PKGBUILD
- sed "s/\(\"ffsend-v\$pkgver::\).*\"/\1$(echo $URL_BIN | sed 's/\//\\\//g')\"/" -i ffsend-bin/PKGBUILD
- sed "s/\(\"ffsend-v\$pkgver.bash::\).*\"/\1$(echo $URL_BASH_COMPLETION | sed 's/\//\\\//g')\"/" -i ffsend-bin/PKGBUILD
- sed "s/\(\"ffsend-v\$pkgver.zsh::\).*\"/\1$(echo $URL_ZSH_COMPLETION | sed 's/\//\\\//g')\"/" -i ffsend-bin/PKGBUILD
- sed "s/\(\"ffsend-v\$pkgver.fish::\).*\"/\1$(echo $URL_FISH_COMPLETION | sed 's/\//\\\//g')\"/" -i ffsend-bin/PKGBUILD
- sed "s/\(\"LICENSE-v\$pkgver::\).*\"/\1$(echo $URL_LICENSE | sed 's/\//\\\//g')\"/" -i ffsend-bin/PKGBUILD
- sed "s/^sha256sums=.*\$/sha256sums=('$SHA_SOURCE')/" -i ffsend/PKGBUILD
- sed "s/^sha256sums=.*\$/sha256sums=('$SHA_BIN' '$SHA_BASH_COMPLETION' '$SHA_ZSH_COMPLETION' '$SHA_FISH_COMPLETION' '$SHA_LICENSE')/" -i ffsend-bin/PKGBUILD
# Get SHA hash for local and remote file w/o version, update if it has changed
- 'SHA_STRIP_LOCAL=$(cat ffsend-git/PKGBUILD | sed /^pkgver=.\*/d | sha256sum | cut -d" " -f1)'
- 'SHA_STRIP_REMOTE=$(curl -sSL "https://aur.archlinux.org/cgit/aur.git/plain/PKGBUILD?h=ffsend-git" | sed /^pkgver=.\*/d | sha256sum | cut -d" " -f1)'
# Install dependencies
- echo "Installing required build packages..."
- pacman -Syu --noconfirm sudo base-devel binutils openssh rust cargo cmake git openssl
# Make AUR package
- mkdir -p /.cargo
- chmod -R 777 /.cargo
- cd ffsend-bin/
- echo "Making binary package..."
- sudo -u nobody makepkg -c
- sudo -u nobody makepkg --printsrcinfo > .SRCINFO
- cd ../ffsend
- echo "Making main source package..."
- sudo -u nobody makepkg -c
- sudo -u nobody makepkg --printsrcinfo > .SRCINFO
# Make git package if different than the remote
- |
if [ ! "$SHA_STRIP_LOCAL" == "$SHA_STRIP_REMOTE" ]; then
cd ../ffsend-git
echo "Making git source package..."
sudo -u nobody makepkg -c
sudo -u nobody makepkg --printsrcinfo > .SRCINFO
else
echo "Not making git source package, it has not changed"
fi
- cd ..
# Set up SSH for publishing
- mkdir -p /root/.ssh
- cp ./aur.pub /root/.ssh/id_rsa.pub
- echo "$AUR_SSH_PRIVATE" > /root/.ssh/id_rsa
- echo "Host aur.archlinux.org" >> /root/.ssh/config
- echo " IdentityFile /root/.ssh/aur" >> /root/.ssh/config
- echo " User aur" >> /root/.ssh/config
- chmod 600 /root/.ssh/{id_rsa*,config}
- eval `ssh-agent -s`
- ssh-add /root/.ssh/id_rsa
- ssh-keyscan -H aur.archlinux.org >> /root/.ssh/known_hosts
- git config --global user.name "timvisee"
- git config --global user.email "tim@visee.me"
# Publish main package: clone AUR repo, commit update and push
- git clone ssh://aur@aur.archlinux.org/ffsend.git aur-ffsend
- cd aur-ffsend
- cp ../ffsend/{PKGBUILD,.SRCINFO} ./
- git add PKGBUILD .SRCINFO
- git commit -m "Release v$VERSION"
- git push
- cd ..
# Publish binary package: clone AUR repo, commit update and push
- git clone ssh://aur@aur.archlinux.org/ffsend-bin.git aur-ffsend-bin
- cd aur-ffsend-bin
- cp ../ffsend-bin/{PKGBUILD,.SRCINFO} ./
- git add PKGBUILD .SRCINFO
- git commit -m "Release v$VERSION"
- git push
- cd ..
# Publish git package: clone AUR repo, commit update and push
# Only publish it if it is different than the remote
- |
if [ ! "$SHA_STRIP_LOCAL" == "$SHA_STRIP_REMOTE" ]; then
git clone ssh://aur@aur.archlinux.org/ffsend-git.git aur-ffsend-git
cd aur-ffsend-git
cp ../ffsend-git/{PKGBUILD,.SRCINFO} ./
git add PKGBUILD .SRCINFO
git commit -m "Update PKGBUILD for release v$VERSION"
git push
cd ..
else
echo "Not pushing git package, it has not changed"
fi
# TODO: add job to test ffsend{-git} AUR packages