mirror of
https://github.com/vector-im/element-desktop.git
synced 2024-08-08 22:43:43 +00:00
92 lines
3.9 KiB
YAML
92 lines
3.9 KiB
YAML
on:
|
|
workflow_call:
|
|
inputs:
|
|
artifact-name:
|
|
type: string
|
|
required: true
|
|
description: "The name of the artifact containing the debs to include"
|
|
secrets:
|
|
GPG_PRIVATE_KEY:
|
|
required: false
|
|
GPG_PASSPHRASE:
|
|
required: false
|
|
CF_R2_ACCESS_KEY_ID:
|
|
required: false
|
|
CF_R2_TOKEN:
|
|
required: false
|
|
CF_R2_S3_API:
|
|
required: false
|
|
# Protect reprepro database using concurrency
|
|
concurrency: reprepro
|
|
jobs:
|
|
reprepro:
|
|
name: Deploy debian package
|
|
environment: packages.element.io
|
|
runs-on: ubuntu-latest
|
|
env:
|
|
R2_BUCKET: "packages-element-io"
|
|
R2_DB_BUCKET: packages-element-io-db
|
|
R2_URL: ${{ secrets.CF_R2_S3_API }}
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
|
|
- name: Download artifacts
|
|
uses: actions/download-artifact@v3
|
|
with:
|
|
name: ${{ inputs.artifact-name }}
|
|
path: dist
|
|
|
|
- name: Load GPG key
|
|
uses: crazy-max/ghaction-import-gpg@111c56156bcc6918c056dbef52164cfa583dc549 # v5
|
|
with:
|
|
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
|
|
passphrase: ${{ secrets.GPG_PASSPHRASE }}
|
|
fingerprint: 75741890063E5E9A46135D01C2850B265AC085BD
|
|
|
|
- name: Install reprepro
|
|
run: sudo apt-get install -y reprepro
|
|
|
|
- name: Fetch database
|
|
run: aws s3 cp --recursive s3://$R2_DB_BUCKET debian/db/ --endpoint-url $R2_URL --region auto
|
|
env:
|
|
AWS_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }}
|
|
AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_TOKEN }}
|
|
|
|
- name: Run reprepro
|
|
run: |
|
|
grep Codename debian/conf/distributions | sed -n 's/Codename: //p' | while read -r target ; do
|
|
reprepro -b debian includedeb "$target" ./dist/*.deb
|
|
done
|
|
|
|
- name: Check repository works
|
|
run: |
|
|
# Download signing keyring
|
|
sudo wget -O /usr/share/keyrings/element-io-archive-keyring.gpg https://packages.element.io/debian/element-io-archive-keyring.gpg
|
|
# Point apt at local apt repo
|
|
echo "deb [signed-by=/usr/share/keyrings/element-io-archive-keyring.gpg] http://127.0.0.1:8000/debian/ default main" | sudo tee /etc/apt/sources.list.d/element-io.list
|
|
|
|
# Start http server and fetch from it via apt
|
|
python3 -m http.server 8000 --bind 127.0.0.1 &
|
|
sudo apt-get update --allow-insecure-repositories
|
|
killall python3
|
|
|
|
# Validate the package in the repo quacks like the one we expect
|
|
info=$(dpkg --info ../dist/*.deb)
|
|
package=$(echo "$info" | grep "Package:" | sed -n 's/ Package: //p')
|
|
version=$(echo "$info" | grep "Version:" | sed -n 's/ Version: //p')
|
|
apt-cache show "$package" | grep "Version: $version"
|
|
working-directory: ./packages.element.io
|
|
|
|
- name: Deploy debian repo
|
|
run: |
|
|
aws s3 cp --recursive packages.element.io/debian/ s3://$R2_BUCKET/debian --endpoint-url $R2_URL --region auto
|
|
env:
|
|
AWS_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }}
|
|
AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_TOKEN }}
|
|
|
|
- name: Store database
|
|
run: aws s3 cp --recursive debian/db/ s3://$R2_DB_BUCKET --endpoint-url $R2_URL --region auto
|
|
env:
|
|
AWS_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }}
|
|
AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_TOKEN }}
|