# This file is a template, and might need editing before it works on your project. # see https://docs.gitlab.com/ee/ci/yaml/README.html for all available options variables: DEFAULT_IMAGE: registry.gitlab.com/gridtracker.org/gtbuilder:v1-0 APT_CACHE_DIR: $CI_PROJECT_DIR/.cache/apt NPM_CONFIG_CACHE: $CI_PROJECT_DIR/.cache/npm # # We have code in here for releasing on both GS and S3, control it through variables # on GitLab, do not change it in this file. # GCLOUD_PROJECT_ID: "cent7-288417" GCLOUD_SERVICE_ACCOUNT: /dev/null GCLOUD_DEPLOY_PATH: gs://downloads.gridtracker.org/$CI_COMMIT_TAG NR0Q_SERVER_ADDRESS: "" NR0Q_SERVER_PASSWORD: "" # # Because it's getting to be that kind of world, we're going to have to # sign our packages/exectuables with a signing key. # That signing chain and spec file will be stored in a Gitlab CI Variable and protected, # here's a placeholder for the script G_CODE_SIGNING_CHAIN: "" # nothing in this file ill be allowed to run automatically except for: # 1. merge requests # 2. manual tagging # 3. committing to the default branch include: - template: "Workflows/MergeRequest-Pipelines.gitlab-ci.yml" - template: "Security/Dependency-Scanning.gitlab-ci.yml" - template: "Security/Secret-Detection.gitlab-ci.yml" - template: "Security/SAST.gitlab-ci.yml" stages: - build - test - staging - package - pre-deploy - deploy default: image: ${DEFAULT_IMAGE} interruptible: true # just do a quick syntax check job, we don't need to "build" anything here other than the # outer dev environment for gridtracker npm:test: stage: test image: node:latest script: - npm install - npm test # test2: # stage: test # script: # - echo "Do another parallel test here" # - echo "For example run a lint test" # package binaries and create build artifacts that may be used in later stages win:package: stage: package rules: # only do this with a manual tag starting with v or test_ - if: '$CI_COMMIT_TAG =~ /^(v|test_).*/' artifacts: paths: - artifacts/ name: '$CI_COMMIT_REF_SLUG' cache: paths: - .cache/ - node_modules/ key: files: - package.json - package.nw/package.json before_script: - | mkdir -p $NPM_CONFIG_CACHE mkdir -p artifacts echo -e "\e[0Ksection_start:`date +%s`:apt_get[collapsed=true]\r\e[0KGetting Build Dependencies" apt-get update && apt-get upgrade -y apt-get install p7zip -y wget https://nsis.sourceforge.io/mediawiki/images/4/47/Registry.zip unzip -bj Registry.zip Desktop/Plugin/registry.dll -d /usr/share/nsis/Plugins/x86-unicode/ unzip -bj Registry.zip Desktop/Include/Registry.nsh -d /usr/share/nsis/Include/ wget https://nsis.sourceforge.io/mediawiki/images/1/18/NsProcess.zip 7zr e NsProcess.zip -y -o/usr/share/nsis/Include/ Include/nsProcess.nsh 7zr e NsProcess.zip -y -o/usr/share/nsis/Plugins/x86-unicode/ Plugin/nsProcessW.dll mv /usr/share/nsis/Plugins/x86-unicode/nsProcessW.dll /usr/share/nsis/Plugins/x86-unicode/nsProcess.dll script: - | # Making our Windows packages echo -e "\e[0Ksection_end:`date +%s`:apt_get\r\e[0K" test `node version.js` = `dpkg-parsechangelog -S version` || (echo "package.nw/package.json and debian/changelog version mismatch"; exit 1) echo -e "\e[0Ksection_start:`date +%s`:native_build\r\e[0KBuilding native packages" npm install --prefer-offline npm run dist-win for dir in dist/*-win-* ; do if [ -f $dir ] && [[ "$dir" == *"-Setup.exe" ]] ; then echo "deleting broken installer $dir" rm $dir fi done rm dist/*-win-*/locales/*.info # Now we need to sign the executable before it get's stuffed into Nullsoft # using mono signcode ## signcode -spc codecert.spc -t http://time.certum.pl/ -a sha256 dist/GridTracker-*-win-*/*.exe # Now the executable should be signed sed "s##`node version.js`#g" windows/win_installer.nsi > windows/setup.nsi.tmp.1 sed "s##`pwd`#g" windows/setup.nsi.tmp.1 > windows/setup.nsi makensis windows/setup.nsi # clean up generated files rm windows/setup.nsi rm windows/setup.nsi.tmp.1 ## signcode -spc codecert.spc -t http://time.certum.pl/ -a sha256 dist/GridTracker-Installer.*.exe (cd dist ; mv GridTracker-Installer.*.exe ../artifacts) echo -e "\e[0Ksection_end:`date +%s`:native_build\e[0K" linux:package: stage: package rules: # only do this with a manual tag starting with v or test_ - if: '$CI_COMMIT_TAG =~ /^(v|test_).*/' artifacts: paths: - artifacts/ name: '$CI_COMMIT_REF_SLUG' cache: paths: - .cache/ - node_modules/ key: files: - package.json - package.nw/package.json before_script: - | mkdir -p $NPM_CONFIG_CACHE mkdir -p artifacts echo -e "\e[0Ksection_start:`date +%s`:apt_get[collapsed=true]\r\e[0KGetting Build Dependencies" apt-get update && apt-get upgrade -y echo -e "\e[0Ksection_end:`date +%s`:apt_get\r\e[0K" script: - | # Making our distro agnostic Linux packages test `node version.js` = `dpkg-parsechangelog -S version` || (echo "package.nw/package.json and debian/changelog version mismatch"; exit 1) echo -e "\e[0Ksection_start:`date +%s`:native_build\r\e[0KBuilding native packages" npm install --prefer-offline npm run dist-nix chmod 755 dist/*-linux-*/GridTracker dist/*-linux-*/lib dist/*-linux-*/locales dist/*-linux-*/swiftshader/ dist/*-linux-*/chrome_crashpad_handler for dir in dist/*-linux-* ; do if [ -d $dir ] ; then cp package.nw/img/gridtracker.png $dir/ rm $dir/locales/*.info tar -C dist -czf ${dir}.tar.gz `basename $dir` fi done (cd dist; mv *.tar.gz ../artifacts/) echo -e "\e[0Ksection_end:`date +%s`:native_build\e[0K" # This section does debian DEBs echo -e "\e[0Ksection_start:`date +%s`:debian_build\r\e[0KBuilding Debian packages" dpkg-buildpackage -b --no-sign mv ../*.{deb,buildinfo,changes} artifacts/ echo -e "\e[0Ksection_end:`date +%s`:debian_build\r\e[0K" echo "we made LINUX packages!" ls -laR artifacts mac:package: stage: package rules: # only do this with a manual tag starting with v or test_ - if: '$CI_COMMIT_TAG =~ /^(v|test_).*/' artifacts: paths: - artifacts/ name: '$CI_COMMIT_REF_SLUG' cache: paths: - .cache/ - node_modules/ key: files: - package.json - package.nw/package.json before_script: - | mkdir -p $NPM_CONFIG_CACHE mkdir -p artifacts echo -e "\e[0Ksection_start:`date +%s`:apt_get[collapsed=true]\r\e[0KGetting Build Dependencies" apt-get update && apt-get upgrade -y echo -e "\e[0Ksection_end:`date +%s`:apt_get\r\e[0K" script: - | # Making our MacOS packages test `node version.js` = `dpkg-parsechangelog -S version` || (echo "package.nw/package.json and debian/changelog version mismatch"; exit 1) echo -e "\e[0Ksection_start:`date +%s`:native_build\r\e[0KBuilding native packages" npm install --prefer-offline npm run dist-mac (cd dist; mv *.zip ../artifacts/) echo -e "\e[0Ksection_end:`date +%s`:native_build\e[0K" echo "we made MAC packages!" ls -laR artifacts arm:package: stage: package variables: NWJS_VERSION: "v0.54.2" NWJS32_BUILD: "nw54_2021-07-09" NWJS64_BUILD: "nw54-arm64_2021-07-10" rules: # only do this with a manual tag starting with v or test_ - if: '$CI_COMMIT_TAG =~ /^(v|test_).*/' artifacts: paths: - artifacts/ name: '$CI_COMMIT_REF_SLUG' cache: paths: - .cache/ - node_modules/ key: files: - package.json - package.nw/package.json before_script: - | mkdir -p $NPM_CONFIG_CACHE mkdir -p artifacts #dpkg --add-architecture armhf echo -e "\e[0Ksection_start:`date +%s`:apt_get[collapsed=true]\r\e[0KGetting Build Dependencies" apt-get update && apt-get upgrade -y apt-get build-dep . echo -e "\e[0Ksection_end:`date +%s`:apt_get\r\e[0K" script: - | # This is for ARM 32 arch build test `node version.js` = `dpkg-parsechangelog -S version` || (echo "package.nw/package.json and debian/changelog version mismatch"; exit 1) echo -e "\e[0Ksection_start:`date +%s`:wget[collapsed=true]\r\e[0KGetting Upstream NWJS Binary" wget https://github.com/LeonardLaszlo/nw.js-armv7-binaries/releases/download/$NWJS32_BUILD/$NWJS32_BUILD.tar.gz tar -xf $NWJS32_BUILD.tar.gz tar -xf usr/docker/dist/nwjs-chromium-ffmpeg-branding/nwjs-$NWJS_VERSION-linux-arm.tar.gz echo -e "\e[0Ksection_end:`date +%s`:wget\r\e[0K" rm nwjs-$NWJS_VERSION-linux-arm/locales/*.info mv nwjs-$NWJS_VERSION-linux-arm/nw nwjs-$NWJS_VERSION-linux-arm/GridTracker version=`node ./version.js` mkdir GridTracker-$version-linux-arm32 cp -r nwjs-$NWJS_VERSION-linux-arm/* GridTracker-$version-linux-arm32/ cp -r arm/* GridTracker-$version-linux-arm32/ cp -r package.nw GridTracker-$version-linux-arm32/ cp LICENSE GridTracker-$version-linux-arm32/ tar -czf GridTracker-$version-linux-arm32.tar.gz GridTracker-$version-linux-arm32 mv GridTracker-$version-linux-arm32.tar.gz artifacts/ # This is for ARM 64 arch build wget https://github.com/LeonardLaszlo/nw.js-armv7-binaries/releases/download/$NWJS64_BUILD/$NWJS64_BUILD.tar.gz tar -xf $NWJS64_BUILD.tar.gz tar -xf usr/docker/dist/nwjs-chromium-ffmpeg-branding/nwjs-$NWJS_VERSION-linux-arm64.tar.gz rm nwjs-$NWJS_VERSION-linux-arm64/locales/*.info mv nwjs-$NWJS_VERSION-linux-arm64/nw nwjs-$NWJS_VERSION-linux-arm64/GridTracker version=`node ./version.js` mkdir GridTracker-$version-linux-arm64 cp -r nwjs-$NWJS_VERSION-linux-arm64/* GridTracker-$version-linux-arm64/ cp -r arm/* GridTracker-$version-linux-arm64/ cp -r package.nw GridTracker-$version-linux-arm64/ cp LICENSE GridTracker-$version-linux-arm64/ tar -czf GridTracker-$version-linux-arm64.tar.gz GridTracker-$version-linux-arm64 mv GridTracker-$version-linux-arm64.tar.gz artifacts/ echo "we made ARM packages!" ls -laR artifacts # copy test assets to Google Storage upload-Google: stage: deploy image: google/cloud-sdk variables: GIT_STRATEGY: none rules: - if: '$CI_COMMIT_TAG =~ /^(v|test_).*/' script: - | echo $GCP_SERVICE_KEY > gcloud-service-key.json gcloud auth activate-service-account --key-file gcloud-service-key.json gcloud config set project $GCLOUD_PROJECT_ID gsutil -m cp -R artifacts/* $GCLOUD_DEPLOY_PATH/ # this only creates a "source code release" -- gitlab doesn't specify binaries # except as links to external storage, which is suboptimal for now sourcerelease: stage: deploy image: registry.gitlab.com/gitlab-org/release-cli:latest variables: GIT_STRATEGY: none rules: - if: '$CI_COMMIT_TAG =~ /^(v).*/' release: tag_name: $CI_COMMIT_TAG name: GridTracker $CI_COMMIT_TAG description: GridTracker release $CI_COMMIT_TAG ref: '$CI_COMMIT_SHA' assets: links: - name: Release Packages for $CI_COMMIT_TAG url: https://downloads.gridtracker.org/$CI_COMMIT_TAG/ external: true link_type: package script: - echo 'Release for $CI_COMMIT_TAG' update_arch_aur: stage: deploy image: archlinux:base-devel rules: # only do this with a manual tag starting with v - if: '$CI_COMMIT_TAG =~ /^v.*/ && $AUR_KEY != ""' # Allow AUR to fail without failing the whole pipeline allow_failure: true before_script: - | pacman -Sy; pacman -S --needed --noconfirm openssh git eval $(ssh-agent -s) echo "$AUR_KEY" | tr -d '\r' | ssh-add - mkdir -p ~/.ssh; chmod 700 ~/.ssh git config --global user.name "nr0q" git config --global user.email "nr0q@gridtracker.org" script: # generate the PKGBUILD - | cd arch-linux curl -o gridtracker.tar.gz "https://gitlab.com/gridtracker.org/gridtracker/-/archive/${CI_COMMIT_TAG}/gridtracker-${CI_COMMIT_TAG}.tar.gz" SHASUM=$(sha256sum gridtracker.tar.gz | cut -d ' ' -f1) sed "s/REPLACE_WITH_VERSION/${CI_COMMIT_TAG#v}/;s/REPLACE_WITH_SHASUM/${SHASUM}/" PKGBUILD.template > PKGBUILD # test that it builds - | useradd builder -m passwd -d builder printf 'builder ALL=(ALL) ALL\n' | tee -a /etc/sudoers # build nwjs-bin sudo -u builder bash -c 'git clone https://aur.archlinux.org/nwjs-bin.git nwjs-bin && cd nwjs-bin && makepkg -si --noconfirm' # build gridtracker sudo -u builder makepkg -si --noconfirm PKGBUILD # push the new version - | sudo -u builder makepkg --printsrcinfo > .SRCINFO git clone ssh://aur@aur.archlinux.org/gridtracker.git cp PKGBUILD gridtracker/PKGBUILD cp .SRCINFO gridtracker/.SRCINFO cd gridtracker git add PKGBUILD .SRCINFO && git commit -m "upgpkg: gridtracker ${CI_COMMIT_TAG#v}" && git push