Commit 206ec796 authored by Kolbjørn Barmen's avatar Kolbjørn Barmen
Browse files

Merge branch 'update-ci' into 'master'

Only deploy the package files from the master branch

See merge request !1
parents 3f4e3dd8 46a446cc
Pipeline #44387 passed with stages
in 1 minute and 15 seconds
/output/
......@@ -2,57 +2,28 @@ stages:
- build
- deploy
build-debian-bullseye:
cache: {}
build:
stage: build
image: registry.uninett.no/public/docker-builder
parallel:
matrix:
- IMAGE:
- 'debian:buster' # Debian 10 (buster)
- 'debian:bullseye' # Debian 11 (bullseye)
image: $IMAGE
artifacts:
expire_in: 1h
paths:
- build-bullseye
- output
script:
- docker build -f Dockerfile-bullseye -t radsecproxy-debbuild-bullseye .
- rm -rf build-bullseye
- mkdir build-bullseye
- docker run -i radsecproxy-debbuild-bullseye | tar x -C build-bullseye/
- ls -l build-bullseye/
build-debian-buster:
cache: {}
stage: build
image: registry.uninett.no/public/docker-builder
artifacts:
expire_in: 1h
paths:
- build-buster
script:
- docker build -f Dockerfile-buster -t radsecproxy-debbuild-buster .
- rm -rf build-buster
- mkdir build-buster
- docker run -i radsecproxy-debbuild-buster | tar x -C build-buster/
- ls -l build-buster/
- ./build.sh
deploy-apt:
stage: deploy
only:
- master
image: debian:bullseye
artifacts:
paths:
- build-bullseye
- build-buster
- output
script:
- apt-get update && apt-get install openssh-client -y
- (
umask 077;
mkdir -p ~/.ssh;
echo "${SSH_PRIVKEY}" > ~/.ssh/id_rsa;
echo "${SSH_APT_HOSTKEY}" > ~/.ssh/known_hosts;
)
- ssh jenkins@apt.uninett.no
mkdir -p
/www/apt.uninett.no/htdocs/debian/pool/bullseye/main/binary-amd64/r/radsecproxy
/www/apt.uninett.no/htdocs/debian/pool/buster/main/binary-amd64/r/radsecproxy
- scp build-bullseye/radsecproxy*.deb
jenkins@apt.uninett.no:/www/apt.uninett.no/htdocs/debian/pool/bullseye/main/binary-amd64/r/radsecproxy/
- scp build-buster/radsecproxy*.deb
jenkins@apt.uninett.no:/www/apt.uninett.no/htdocs/debian/pool/buster/main/binary-amd64/r/radsecproxy/
- ssh jenkins@apt.uninett.no /www/apt.uninett.no/bin/mkrepo.debian
- ./upload.sh
FROM debian:bullseye
RUN apt-get update && apt-get -y upgrade
RUN apt-get install -y git curl build-essential debhelper dh-autoreconf autotools-dev libssl-dev nettle-dev docbook2x lsb-release
WORKDIR /root/
COPY build.sh build.sh
RUN ./build.sh
CMD tar c *.deb
FROM debian:buster
RUN apt-get update && apt-get -y upgrade
RUN apt-get install -y git curl build-essential debhelper dh-autoreconf autotools-dev libssl-dev nettle-dev docbook2x lsb-release
WORKDIR /root/
COPY build.sh build.sh
RUN ./build.sh
CMD tar c *.deb
# Docker for building debian package of Radsecproxy at UNINETT
# Build Debian packages of Radsecproxy at UNINETT
This docker will generate a .deb package for Radsecproxy.
This repository will create and upload Debian packages for Radsecproxy to [apt.uninett.no](https://apt.uninett.no/).
## Usage
Edit **build.sh** and set the desired version number for Radsecproxy.
To build the packages locally, run:
```
docker build -f Dockerfile-[stretch|buster] -t radsecproxy-debbuild .
docker run -i radsecproxy-debbuild | tar x
docker run --rm -ti -v "$(pwd -P):/work" debian:bullseye /work/build.sh
```
#! /bin/sh
#!/bin/bash
# set -x
set -e
chmod 700 .
whoami
pwd
cd /root
ls -ld .
# The directory where this script is located.
script_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
# Run all tasks in a temporary directory. This avoids filling up the project
# directory with temporary files when this script is run locally (outside of
# GitLab CI). It also allows multiple build commands to be run in parallel
# locally without conflicting with each other.
work_dir="$(mktemp -d)"
cd "${work_dir}"
# Ensure that Debian package installations proceed without configuration prompts
# or warnings about configuration prompts.
export DEBIAN_FRONTEND=noninteractive
# Install required build dependencies
apt-get update
apt-get -y upgrade
apt-get install -y --no-install-recommends \
autotools-dev \
build-essential \
curl \
debhelper \
dh-autoreconf \
docbook2x \
git \
libssl-dev \
lsb-release \
nettle-dev \
--
# The distro code name (e.g. "buster", "bullseye") we are building the package for.
lsb_release_name=$(lsb_release -sc)
# Debian package name for the package we build.
package="radsecproxy"
# Version of the package we build.
version="1.9.0"
# A revision of our package. We need to bump this if we rebuild the same version
# of the package at some point.
revision="2${lsb_release_name}~uninett"
export TZ="Europe/Oslo"
now=$(date +"%a, %d %b %Y %T %z")
here=$(pwd)
# Add source repositories. We will need them to download the original source
# package for radsecproxy.
sed -n 's@^deb @deb-src @p' /etc/apt/sources.list > /etc/apt/sources.list.d/sources.list
apt-get update
export DEBIAN_FRONTEND=noninteractive
cat >> /etc/apt/sources.list << EOF
deb-src http://cdn-fastly.deb.debian.org/debian ${lsb_release_name} main
deb-src http://cdn-fastly.deb.debian.org/debian ${lsb_release_name}-updates main
deb-src http://security.debian.org ${lsb_release_name}-security main
EOF
# Download the source code for the project.
radsecproxy_url="https://github.com/radsecproxy/radsecproxy"
radsecproxy_srcurl="${radsecproxy_url}/releases/download/${version}/radsecproxy-${version}.tar.gz"
curl --fail --silent -o "${package}"_"${version}".orig.tar.gz -L "${radsecproxy_srcurl}"
if test ${lsb_release_name} != "bullseye"
then
sed -i "s/${lsb_release_name}-security/${lsb_release_name}\/updates/" /etc/apt/sources.list
fi
# Download the Debian source package for project.
apt-get source "${package}"
apt-get update
# Extract the project source code, including the Debian source package.
tar xzf "${package}_${version}".orig.tar.gz
tar xf "${package}"_*.debian.tar.xz -C "${package}-${version}/"
RADSECPROXY_URL="https://github.com/${package}/${package}"
RADSECPROXY_SRCURL="${RADSECPROXY_URL}/releases/download/${version}/${package}-${version}.tar.gz"
curl --silent -o "${package}"_"${version}".orig.tar.gz -L "${RADSECPROXY_SRCURL}"
tar xzf "${package}"_"${version}".orig.tar.gz
# Remove any Debian patches for the project.
rm -r "${package}-${version}/debian/patches"
apt-get source ${package}
tar xf "${package}"_*.debian.tar.xz -C "${package}"-"${version}/"
# The man pages were moved to section 8 after Debian Buster was released.
# TODO: This can be removed once we no longer build the package for Debian Buster.
if [ "${lsb_release_name}" = 'buster' ]; then
sed -i 's/\.1$/.8/' "${package}-${version}/debian/manpages"
fi
rm -r "${package}"-"${version}/debian/patches"
sed -i 's/\.1$/.8/' "${package}"-"${version}/debian/manpages"
cat > changelog << EOF
# Build our changelog file. We want to prepend our changelog entry to the
# existing file.
changelog_file="${package}-${version}/debian/changelog"
cat /dev/stdin "${changelog_file}" > "${changelog_file}.new" << EOF
radsecproxy (${version}-${revision}) unstable; urgency=medium
* New upstream release - ${version}
-- Kolbjørn Barmen <debian@kolla.no> ${now}
-- Kolbjørn Barmen <debian@kolla.no> $(TZ="Europe/Oslo" date +"%a, %d %b %Y %T %z")
EOF
cat "${package}-${version}/debian/changelog" >> changelog
cat changelog > "${package}-${version}/debian/changelog"
mv "${changelog_file}.new" "${changelog_file}"
# Build the package.
cd "${package}-${version}/"
dpkg-buildpackage
cd "${here}"
# Copy the generated Debian packages to the output directory.
output_dir="${script_dir}/output/${lsb_release_name}"
mkdir -p "${output_dir}"
cp -pv "${work_dir}/"*.deb "${output_dir}/"
#!/bin/bash
set -e
set -o pipefail
# Install SSH client
apt-get update
apt-get install -y --no-install-recommends openssh-client
# Create SSH configuration
(
umask 077
mkdir -p ~/.ssh
echo "${SSH_PRIVKEY}" > ~/.ssh/id_rsa
echo "${SSH_APT_HOSTKEY}" > ~/.ssh/known_hosts
)
# Upload the Debian packages
for distro_dir in ./output/*; do
distro="$(basename "${distro_dir}")"
target_dir="/www/apt.uninett.no/htdocs/debian/pool/${distro}/main/binary-amd64/r/radsecproxy"
echo "Uploading packages for ${distro}"
ssh jenkins@apt.uninett.no mkdir -p "${target_dir}"
scp "${distro_dir}"/radsecproxy*.deb "jenkins@apt.uninett.no:${target_dir}/"
done
echo "Updating APT repository metadata"
ssh jenkins@apt.uninett.no /www/apt.uninett.no/bin/mkrepo.debian
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment