kopia lustrzana https://gitlab.com/gridtracker.org/gridtracker
358 wiersze
13 KiB
YAML
358 wiersze
13 KiB
YAML
# This file is a template, and might need editing before it works on your project.
|
|
# see https://docs.gitlab.com/ee/ci/yaml/README.html for all available options
|
|
|
|
variables:
|
|
DEFAULT_IMAGE: registry.gitlab.com/gridtracker.org/gtbuilder:v1-0
|
|
APT_CACHE_DIR: $CI_PROJECT_DIR/.cache/apt
|
|
NPM_CONFIG_CACHE: $CI_PROJECT_DIR/.cache/npm
|
|
|
|
#
|
|
# We have code in here for releasing on both GS and S3, control it through variables
|
|
# on GitLab, do not change it in this file.
|
|
#
|
|
GCLOUD_PROJECT_ID: "cent7-288417"
|
|
GCLOUD_SERVICE_ACCOUNT: /dev/null
|
|
GCLOUD_DEPLOY_PATH: gs://gt_download/$CI_COMMIT_TAG
|
|
NR0Q_SERVER_ADDRESS: ""
|
|
NR0Q_SERVER_PASSWORD: ""
|
|
|
|
#
|
|
# Because it's getting to be that kind of world, we're going to have to
|
|
# sign our packages/exectuables with a signing key.
|
|
# That signing chain and spec file will be stored in a Gitlab CI Variable and protected,
|
|
# here's a placeholder for the script
|
|
G_CODE_SIGNING_CHAIN: ""
|
|
|
|
# nothing in this file ill be allowed to run automatically except for:
|
|
# 1. merge requests
|
|
# 2. manual tagging
|
|
# 3. committing to the default branch
|
|
include:
|
|
- template: "Workflows/MergeRequest-Pipelines.gitlab-ci.yml"
|
|
- template: "Security/Dependency-Scanning.gitlab-ci.yml"
|
|
- template: "Security/Secret-Detection.gitlab-ci.yml"
|
|
- template: "Security/SAST.gitlab-ci.yml"
|
|
|
|
|
|
|
|
stages:
|
|
- build
|
|
- test
|
|
- staging
|
|
- package
|
|
- pre-deploy
|
|
- deploy
|
|
|
|
default:
|
|
image: ${DEFAULT_IMAGE}
|
|
interruptible: true
|
|
|
|
# just do a quick syntax check job, we don't need to "build" anything here other than the
|
|
# outer dev environment for gridtracker
|
|
npm:test:
|
|
stage: test
|
|
image: node:latest
|
|
script:
|
|
- npm install
|
|
- npm test
|
|
|
|
# test2:
|
|
# stage: test
|
|
# script:
|
|
# - echo "Do another parallel test here"
|
|
# - echo "For example run a lint test"
|
|
|
|
# package binaries and create build artifacts that may be used in later stages
|
|
win:package:
|
|
stage: package
|
|
rules:
|
|
# only do this with a manual tag starting with v or test_
|
|
- if: '$CI_COMMIT_TAG =~ /^(v|test_).*/'
|
|
artifacts:
|
|
paths:
|
|
- artifacts/
|
|
name: '$CI_COMMIT_REF_SLUG'
|
|
cache:
|
|
paths:
|
|
- .cache/
|
|
- node_modules/
|
|
key:
|
|
files:
|
|
- package.json
|
|
- package.nw/package.json
|
|
before_script:
|
|
- |
|
|
mkdir -p $NPM_CONFIG_CACHE
|
|
mkdir -p artifacts
|
|
echo -e "\e[0Ksection_start:`date +%s`:apt_get[collapsed=true]\r\e[0KGetting Build Dependencies"
|
|
apt-get update && apt-get upgrade -y
|
|
apt-get install p7zip -y
|
|
wget https://nsis.sourceforge.io/mediawiki/images/4/47/Registry.zip
|
|
unzip -bj Registry.zip Desktop/Plugin/registry.dll -d /usr/share/nsis/Plugins/x86-unicode/
|
|
unzip -bj Registry.zip Desktop/Include/Registry.nsh -d /usr/share/nsis/Include/
|
|
wget https://nsis.sourceforge.io/mediawiki/images/1/18/NsProcess.zip
|
|
7zr e NsProcess.zip -y -o/usr/share/nsis/Include/ Include/nsProcess.nsh
|
|
7zr e NsProcess.zip -y -o/usr/share/nsis/Plugins/x86-unicode/ Plugin/nsProcessW.dll
|
|
mv /usr/share/nsis/Plugins/x86-unicode/nsProcessW.dll /usr/share/nsis/Plugins/x86-unicode/nsProcess.dll
|
|
## eval $(ssh-agent -s)
|
|
## echo "$NR0Q_PRIV" | tr -d '\r' | ssh-add -
|
|
## mkdir -p ~/.ssh; chmod 700 ~/.ssh
|
|
## scp -o StrictHostKeyChecking=no -P $NR0Q_SSH_PORT mchambers@$NR0Q_SERVER_ADDRESS:~/codecert.spc ./
|
|
script:
|
|
- |
|
|
# Making our Windows packages
|
|
echo -e "\e[0Ksection_end:`date +%s`:apt_get\r\e[0K"
|
|
test `node version.js` = `dpkg-parsechangelog -S version` || (echo "package.nw/package.json and debian/changelog version mismatch"; exit 1)
|
|
echo -e "\e[0Ksection_start:`date +%s`:native_build\r\e[0KBuilding native packages"
|
|
npm install --prefer-offline
|
|
npm run dist-win
|
|
for dir in dist/*-win-* ; do
|
|
if [ -f $dir ] && [[ "$dir" == *"-Setup.exe" ]] ; then
|
|
echo "deleting broken installer $dir"
|
|
rm $dir
|
|
fi
|
|
done
|
|
# Now we need to sign the executable before it get's stuffed into Nullsoft
|
|
# using mono signcode
|
|
## signcode -spc codecert.spc -t http://time.certum.pl/ -a sha256 dist/GridTracker-*-win-*/*.exe
|
|
# Now the executable should be signed
|
|
sed "s#<versionplaceholder>#`node version.js`#g" windows/win_installer.nsi > windows/setup.nsi.tmp.1
|
|
sed "s#<buildplaceholder>#`pwd`#g" windows/setup.nsi.tmp.1 > windows/setup.nsi
|
|
makensis windows/setup.nsi
|
|
# clean up generated files
|
|
rm windows/setup.nsi
|
|
rm windows/setup.nsi.tmp.1
|
|
## signcode -spc codecert.spc -t http://time.certum.pl/ -a sha256 dist/GridTracker-Installer.*.exe
|
|
(cd dist ; mv GridTracker-Installer.*.exe ../artifacts)
|
|
echo -e "\e[0Ksection_end:`date +%s`:native_build\e[0K"
|
|
|
|
linux:package:
|
|
stage: package
|
|
rules:
|
|
# only do this with a manual tag starting with v or test_
|
|
- if: '$CI_COMMIT_TAG =~ /^(v|test_).*/'
|
|
artifacts:
|
|
paths:
|
|
- artifacts/
|
|
name: '$CI_COMMIT_REF_SLUG'
|
|
cache:
|
|
paths:
|
|
- .cache/
|
|
- node_modules/
|
|
key:
|
|
files:
|
|
- package.json
|
|
- package.nw/package.json
|
|
before_script:
|
|
- |
|
|
mkdir -p $NPM_CONFIG_CACHE
|
|
mkdir -p artifacts
|
|
echo -e "\e[0Ksection_start:`date +%s`:apt_get[collapsed=true]\r\e[0KGetting Build Dependencies"
|
|
apt-get update && apt-get upgrade -y
|
|
echo -e "\e[0Ksection_end:`date +%s`:apt_get\r\e[0K"
|
|
script:
|
|
- |
|
|
# Making our distro agnostic Linux packages
|
|
test `node version.js` = `dpkg-parsechangelog -S version` || (echo "package.nw/package.json and debian/changelog version mismatch"; exit 1)
|
|
echo -e "\e[0Ksection_start:`date +%s`:native_build\r\e[0KBuilding native packages"
|
|
npm install --prefer-offline
|
|
npm run dist-nix
|
|
chmod 755 dist/*-linux-*/GridTracker dist/*-linux-*/lib dist/*-linux-*/locales dist/*-linux-*/swiftshader/
|
|
for dir in dist/*-linux-* ; do
|
|
if [ -d $dir ] ; then
|
|
cp package.nw/img/gridtracker.png $dir/
|
|
rm $dir/locales/*.info
|
|
tar -C dist -czf ${dir}.tar.gz `basename $dir`
|
|
fi
|
|
done
|
|
(cd dist; mv *.tar.gz ../artifacts/)
|
|
echo -e "\e[0Ksection_end:`date +%s`:native_build\e[0K"
|
|
# This section does debian DEBs
|
|
echo -e "\e[0Ksection_start:`date +%s`:debian_build\r\e[0KBuilding Debian packages"
|
|
dpkg-buildpackage -b --no-sign
|
|
mv ../*.{deb,buildinfo,changes} artifacts/
|
|
echo -e "\e[0Ksection_end:`date +%s`:debian_build\r\e[0K"
|
|
echo "we made LINUX packages!"
|
|
ls -laR artifacts
|
|
|
|
mac:package:
|
|
stage: package
|
|
rules:
|
|
# only do this with a manual tag starting with v or test_
|
|
- if: '$CI_COMMIT_TAG =~ /^(v|test_).*/'
|
|
artifacts:
|
|
paths:
|
|
- artifacts/
|
|
name: '$CI_COMMIT_REF_SLUG'
|
|
cache:
|
|
paths:
|
|
- .cache/
|
|
- node_modules/
|
|
key:
|
|
files:
|
|
- package.json
|
|
- package.nw/package.json
|
|
before_script:
|
|
- |
|
|
mkdir -p $NPM_CONFIG_CACHE
|
|
mkdir -p artifacts
|
|
echo -e "\e[0Ksection_start:`date +%s`:apt_get[collapsed=true]\r\e[0KGetting Build Dependencies"
|
|
apt-get update && apt-get upgrade -y
|
|
echo -e "\e[0Ksection_end:`date +%s`:apt_get\r\e[0K"
|
|
script:
|
|
- |
|
|
# Making our MacOS packages
|
|
test `node version.js` = `dpkg-parsechangelog -S version` || (echo "package.nw/package.json and debian/changelog version mismatch"; exit 1)
|
|
echo -e "\e[0Ksection_start:`date +%s`:native_build\r\e[0KBuilding native packages"
|
|
npm install --prefer-offline
|
|
npm run dist-mac
|
|
(cd dist; mv *.zip ../artifacts/)
|
|
echo -e "\e[0Ksection_end:`date +%s`:native_build\e[0K"
|
|
echo "we made MAC packages!"
|
|
ls -laR artifacts
|
|
|
|
arm:package:
|
|
stage: package
|
|
variables:
|
|
NWJS_VERSION: "v0.54.2"
|
|
NWJS32_BUILD: "nw54_2021-07-09"
|
|
NWJS64_BUILD: "nw54-arm64_2021-07-10"
|
|
rules:
|
|
# only do this with a manual tag starting with v or test_
|
|
- if: '$CI_COMMIT_TAG =~ /^(v|test_).*/'
|
|
artifacts:
|
|
paths:
|
|
- artifacts/
|
|
name: '$CI_COMMIT_REF_SLUG'
|
|
cache:
|
|
paths:
|
|
- .cache/
|
|
- node_modules/
|
|
key:
|
|
files:
|
|
- package.json
|
|
- package.nw/package.json
|
|
before_script:
|
|
- |
|
|
mkdir -p $NPM_CONFIG_CACHE
|
|
mkdir -p artifacts
|
|
#dpkg --add-architecture armhf
|
|
echo -e "\e[0Ksection_start:`date +%s`:apt_get[collapsed=true]\r\e[0KGetting Build Dependencies"
|
|
apt-get update && apt-get upgrade -y
|
|
apt-get build-dep .
|
|
echo -e "\e[0Ksection_end:`date +%s`:apt_get\r\e[0K"
|
|
script:
|
|
- |
|
|
# This is for ARM 32 arch build
|
|
test `node version.js` = `dpkg-parsechangelog -S version` || (echo "package.nw/package.json and debian/changelog version mismatch"; exit 1)
|
|
echo -e "\e[0Ksection_start:`date +%s`:wget[collapsed=true]\r\e[0KGetting Upstream NWJS Binary"
|
|
wget https://github.com/LeonardLaszlo/nw.js-armv7-binaries/releases/download/$NWJS32_BUILD/$NWJS32_BUILD.tar.gz
|
|
tar -xf $NWJS32_BUILD.tar.gz
|
|
tar -xf usr/docker/dist/nwjs-chromium-ffmpeg-branding/nwjs-$NWJS_VERSION-linux-arm.tar.gz
|
|
echo -e "\e[0Ksection_end:`date +%s`:wget\r\e[0K"
|
|
rm nwjs-$NWJS_VERSION-linux-arm/locales/*.info
|
|
mv nwjs-$NWJS_VERSION-linux-arm/nw nwjs-$NWJS_VERSION-linux-arm/GridTracker
|
|
version=`node ./version.js`
|
|
mkdir GridTracker-$version-linux-arm32
|
|
cp -r nwjs-$NWJS_VERSION-linux-arm/* GridTracker-$version-linux-arm32/
|
|
cp -r arm/* GridTracker-$version-linux-arm32/
|
|
cp -r package.nw GridTracker-$version-linux-arm32/
|
|
cp LICENSE GridTracker-$version-linux-arm32/
|
|
tar -czf GridTracker-$version-linux-arm32.tar.gz GridTracker-$version-linux-arm32
|
|
mv GridTracker-$version-linux-arm32.tar.gz artifacts/
|
|
# This is for ARM 64 arch build
|
|
wget https://github.com/LeonardLaszlo/nw.js-armv7-binaries/releases/download/$NWJS64_BUILD/$NWJS64_BUILD.tar.gz
|
|
tar -xf $NWJS64_BUILD.tar.gz
|
|
tar -xf usr/docker/dist/nwjs-chromium-ffmpeg-branding/nwjs-$NWJS_VERSION-linux-arm64.tar.gz
|
|
rm nwjs-$NWJS_VERSION-linux-arm64/locales/*.info
|
|
mv nwjs-$NWJS_VERSION-linux-arm64/nw nwjs-$NWJS_VERSION-linux-arm64/GridTracker
|
|
version=`node ./version.js`
|
|
mkdir GridTracker-$version-linux-arm64
|
|
cp -r nwjs-$NWJS_VERSION-linux-arm64/* GridTracker-$version-linux-arm64/
|
|
cp -r arm/* GridTracker-$version-linux-arm64/
|
|
cp -r package.nw GridTracker-$version-linux-arm64/
|
|
cp LICENSE GridTracker-$version-linux-arm64/
|
|
tar -czf GridTracker-$version-linux-arm64.tar.gz GridTracker-$version-linux-arm64
|
|
mv GridTracker-$version-linux-arm64.tar.gz artifacts/
|
|
echo "we made ARM packages!"
|
|
ls -laR artifacts
|
|
|
|
# copy test assets to Google Storage
|
|
upload-Google:
|
|
stage: deploy
|
|
image: google/cloud-sdk
|
|
variables:
|
|
GIT_STRATEGY: none
|
|
rules:
|
|
- if: '$CI_COMMIT_TAG =~ /^(v|test_).*/'
|
|
script:
|
|
- |
|
|
echo $GCP_SERVICE_KEY > gcloud-service-key.json
|
|
gcloud auth activate-service-account --key-file gcloud-service-key.json
|
|
gcloud config set project $GCLOUD_PROJECT_ID
|
|
gsutil -m cp -R artifacts/* $GCLOUD_DEPLOY_PATH/
|
|
|
|
# this only creates a "source code release" -- gitlab doesn't specify binaries
|
|
# except as links to external storage, which is suboptimal for now
|
|
|
|
sourcerelease:
|
|
stage: deploy
|
|
image: registry.gitlab.com/gitlab-org/release-cli:latest
|
|
variables:
|
|
GIT_STRATEGY: none
|
|
rules:
|
|
- if: '$CI_COMMIT_TAG =~ /^(v).*/'
|
|
release:
|
|
tag_name: $CI_COMMIT_TAG
|
|
name: GridTracker $CI_COMMIT_TAG
|
|
description: GridTracker release $CI_COMMIT_TAG
|
|
ref: '$CI_COMMIT_SHA'
|
|
assets:
|
|
links:
|
|
- name: Release Packages for $CI_COMMIT_TAG
|
|
url: https://https://storage.googleapis.com/gt_download/$CI_COMMIT_TAG/
|
|
external: true
|
|
link_type: package
|
|
script:
|
|
- echo 'Release for $CI_COMMIT_TAG'
|
|
|
|
update_arch_aur:
|
|
stage: deploy
|
|
image: archlinux:base-devel
|
|
rules:
|
|
# only do this with a manual tag starting with v
|
|
- if: '$CI_COMMIT_TAG =~ /^v.*/ && $AUR_KEY != ""'
|
|
before_script:
|
|
- |
|
|
pacman -Sy; pacman -S --needed --noconfirm openssh git
|
|
eval $(ssh-agent -s)
|
|
echo "$AUR_KEY" | tr -d '\r' | ssh-add -
|
|
mkdir -p ~/.ssh; chmod 700 ~/.ssh
|
|
git config --global user.name "nr0q"
|
|
git config --global user.email "nr0q@gridtracker.org"
|
|
script:
|
|
# generate the PKGBUILD
|
|
- |
|
|
cd arch-linux
|
|
curl -o gridtracker.tar.gz "https://gitlab.com/gridtracker.org/gridtracker/-/archive/${CI_COMMIT_TAG}/gridtracker-${CI_COMMIT_TAG}.tar.gz"
|
|
SHASUM=$(sha256sum gridtracker.tar.gz | cut -d ' ' -f1)
|
|
sed "s/REPLACE_WITH_VERSION/${CI_COMMIT_TAG#v}/;s/REPLACE_WITH_SHASUM/${SHASUM}/" PKGBUILD.template > PKGBUILD
|
|
# test that it builds
|
|
- |
|
|
useradd builder -m
|
|
passwd -d builder
|
|
printf 'builder ALL=(ALL) ALL\n' | tee -a /etc/sudoers
|
|
# build nwjs-bin
|
|
sudo -u builder bash -c 'git clone https://aur.archlinux.org/nwjs-bin.git nwjs-bin && cd nwjs-bin && makepkg -si --noconfirm'
|
|
# build gridtracker
|
|
sudo -u builder makepkg -si --noconfirm PKGBUILD
|
|
# push the new version
|
|
- |
|
|
sudo -u builder makepkg --printsrcinfo > .SRCINFO
|
|
git clone ssh://aur@aur.archlinux.org/gridtracker.git
|
|
cp PKGBUILD gridtracker/PKGBUILD
|
|
cp .SRCINFO gridtracker/.SRCINFO
|
|
cd gridtracker
|
|
git add PKGBUILD .SRCINFO && git commit -m "upgpkg: gridtracker ${CI_COMMIT_TAG#v}" && git push
|
|
|