chore: Add CI/CD stuff.

Anselm Lingnau · Anselm Lingnau · commit b9b6f4262199 · 2020-07-21T21:30:07.000+02:00
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -0,0 +1,11 @@
+include:
+  - ci/gitbox-ci.yml
+
+build:jessie:
+    extends: .build-jessie
+
+build:stretch:
+    extends: .build-stretch
+
+build:buster:
+    extends: .build-buster
diff --git a/ci/copy-to-golden b/ci/copy-to-golden
@@ -0,0 +1,47 @@
+#!/bin/bash
+#
+# Copy distribution packages from $DIST to $DIST-golden.
+# This usually happens when the commit in question has a `release/*` tag,
+# but it is the caller's responsibility to ensure this. It will be of no
+# conceivable interest to you whatsoever unless you're doing official
+# LinOTP development.
+#
+# This command is called with the desired base distribution (e.g., `buster`)
+# and the names of one or more *.changes files – usually produced as Gitlab
+# CI/CD artifacts – as parameters.
+# We get the actual distribution and package names from the changes file.
+
+WANTED_DIST=$1
+GOLDEN_DIST=$1-golden
+shift
+
+declare -a PKGS	 # List of packages to be copied
+for chf do
+    PKG=$(sed -ne '/^Binary:/{s/^.*: //p;q}' $chf)         # Find package name
+    DIST=$(sed -ne '/^Distribution:/{s/^.*: //p;q}' $chf)  # Find distribution name
+    if [ -z "$DIST" ]; then
+        echo >&2 "E:Couldn't find 'Distribution:' line in $chf, skipping"
+        continue
+    elif [ -z "$PKG" ]; then
+        echo >&2 "E:Couldn't find 'Binary:' line in $chf, skipping"
+        continue
+    fi
+    echo >&2 "I:Considering $PKG ($chf)"
+    if [ "$DIST" != "$WANTED_DIST" ]; then
+        echo >&2 "W:$PKG's distribution is $DIST, not $WANTED_DIST, skipping"
+        continue
+    fi
+    PKGS+=($PKG)
+done
+
+if [ "${#PKGS[*]}" -gt 0 ]; then # Do we have work to do?
+    echo >&2 "I:Copying ${PKGS[@]} to ${GOLDEN_DIST}"
+    ssh dists@$DEV_REPO_HOST reprepro copy ${GOLDEN_DIST} ${WANTED_DIST} ${PKGS[@]}
+    EXITCODE=$?
+    echo >&2 "I:Done"
+else
+    echo >&2 "I:Nothing to do"
+    EXITCODE=0
+fi
+
+exit $EXITCODE
diff --git a/ci/gitbox-ci.yml b/ci/gitbox-ci.yml
@@ -0,0 +1,121 @@
+variables:
+  DEV_REPO_URL: http://avocado.corp.lsexperts.de/deb-repo
+  LANG: C.UTF-8
+  EMAIL: "KeyIdentity GmbH <packaging@keyidentity.com>"
+  # Merges/tags to this branch trigger uploads
+  GITBOX_CI_UPLOAD_BRANCHES: '/^(branch-v|master)/'
+  # Tags to these release branches trigger golden-repo uploads
+  GITBOX_CI_RELEASE_TAGS: '/^release/'
+  GITBOX_CI_GOLDEN_RELEASES: '/^buster$/'
+
+workflow:
+  rules:
+    - if: $CI_PIPELINE_SOURCE == 'schedule' # Execute nightly jobs
+    - if: $CI_MERGE_REQUEST_ID              # Execute jobs in MR context
+    - if: '$CI_COMMIT_BRANCH =~ $GITBOX_CI_UPLOAD_BRANCHES'
+                                            # Execute jobs when new commit is pushed to upload branch
+
+stages:
+  - build
+  - deploy
+  - upload-debian-packages
+  - copy-to-golden
+
+.build-debs:
+  stage: build
+  image: debian:${DEBIAN_RELEASE_NAME}
+  script:
+    - apt-get update
+    - apt-get install --yes --no-install-recommends devscripts build-essential equivs git-buildpackage lsb-release libdistro-info-perl
+    - ci/update-debian-changelog
+    - mk-build-deps --install --remove --tool "apt-get --yes --no-install-recommends" debian/control
+    - gbp buildpackage --git-ignore-new --git-ignore-branch -uc -us
+    - mkdir -p artifacts
+    - dcmd mv ../*.changes ../*.build artifacts/
+  artifacts:
+    paths:
+      - artifacts/*
+
+.build-jessie:
+  extends: .build-debs
+  allow_failure: true
+  variables:
+    DEBIAN_RELEASE_NAME: jessie
+
+.build-stretch:
+  extends: .build-debs
+  variables:
+    DEBIAN_RELEASE_NAME: stretch
+
+.build-buster:
+  extends: .build-debs
+  variables:
+    DEBIAN_RELEASE_NAME: buster
+
+# Upload deb packages to development repository.
+# We use scp to upload all the files to an incoming directory.
+
+.before_upload: &before_upload
+  before_script:
+    # Ensure required variables have been set
+    - test -n "${DEV_REPO_HOST}"
+    - test -n "${DEV_REPO_KNOWN_HOSTS}"
+    - test -n "${DEV_REPO_SSH_SUBMIT_KEY}"
+    # Install dependencies
+    - apt-get update && apt-get install --yes --no-install-recommends devscripts openssh-client
+    # Configure ssh
+    - eval $(ssh-agent -s)
+    - echo "$DEV_REPO_SSH_SUBMIT_KEY" | tr -d '\r' | ssh-add - >/dev/null
+    - mkdir --mode 700 -p ~/.ssh
+    - echo "CheckHostIP no" >>~/.ssh/config
+    - echo "$DEV_REPO_KNOWN_HOSTS" >~/.ssh/known_hosts
+    - chmod 644 ~/.ssh/known_hosts
+
+upload-debs:
+  stage: upload-debian-packages
+  image: debian:latest
+  rules:
+    - if: $CI_PIPELINE_SOURCE == 'schedule'
+      when: never               # Nightly jobs do not upload
+    - if: '$CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH =~ $GITBOX_CI_UPLOAD_BRANCHES'
+      when: always              # Auto-upload if merged to upload branch
+    - if: $CI_COMMIT_TAG
+      when: always              # Auto-upload if tagged
+    - when: manual              # Otherwise allow manual upload from branch
+      allow_failure: true
+  <<: *before_upload
+  script:
+    - find artifacts/* -ls
+    # scp all files referenced by the changes files to the repository
+    - dcmd scp artifacts/*.changes dists@$DEV_REPO_HOST:deb-repo/incoming
+
+# Copy packages to golden repo if they have a `release` tag.
+# Note that this must come after `upload-debs`
+
+.copy-to-golden:
+  stage: copy-to-golden
+  image: debian:latest
+  rules:
+    - if: '$CI_COMMIT_TAG && $CI_COMMIT_TAG =~ $GITBOX_CI_RELEASE_TAGS && $DEBIAN_RELEASE_NAME =~ $GITBOX_CI_GOLDEN_RELEASES'
+      when: always
+    - when: manual
+      allow_failure: true
+  <<: *before_upload
+  script:
+    - ci/copy-to-golden "$DEBIAN_RELEASE_NAME" artifacts/*.changes
+
+.golden-jessie:
+  extends: .copy-to-golden
+  allow_failure: true
+  variables:
+    DEBIAN_RELEASE_NAME: jessie
+
+.golden-stretch:
+  extends: .copy-to-golden
+  variables:
+    DEBIAN_RELEASE_NAME: stretch
+
+.golden-buster:
+  extends: .copy-to-golden
+  variables:
+    DEBIAN_RELEASE_NAME: buster
diff --git a/ci/update-debian-changelog b/ci/update-debian-changelog
@@ -0,0 +1,89 @@
+#!/bin/sh
+
+# This script ensures that the package version is appropriate
+# for the distribution that we are building for.
+#
+# = Snapshot builds =
+# We use git-buildpackage's dch subcommand to generate a changelog
+# containing git commit information. While not as good as a hand
+# edited changelog, it contains enough information to help testers
+# understand which changes are contained in the package.
+#
+# We use gbp-dch to set a version number based on the commit date
+# and git commit id.
+#
+# = Building from tags =
+# If we are building for a tag, we generate final release packages:
+#   * Leave the changelog entries as they are
+#   * If a backport, generate a backport changelog entry
+#
+# = Distribution flag =
+# In all cases, we want to make sure that the distribution name
+# is set. This is to ensure that reprepro assigns the package to
+# the correct distribution. We determine the distribution
+# using lsb_release.
+
+if [ -n "$1" ]
+then
+    # The debian directory is in another directory
+    DEBIAN_DIR="$1"
+    if [ ! -d "$DEBIAN_DIR" ]
+    then
+	echo >&2 Directory \"$DEBIAN_DIR\" not found
+	exit 1
+    fi
+    GBP_SINCE_PARAM="-s $(git rev-list --max-count=1 HEAD -- "$DEBIAN_DIR"/debian/changelog)"
+    export GIT_DIR="$(realpath .git)"
+    cd "$DEBIAN_DIR"
+else
+    DEBIAN_DIR=
+    GBP_SINCE_PARAM="--auto"
+fi
+
+# Determine the release name and number that we are building for
+DEBIAN_RELEASE_NAME="$(lsb_release --codename --short)"
+
+# Ensure generated changelog entries have the same
+export DEBEMAIL="$(dpkg-parsechangelog --show-field Maintainer)"
+
+# To ensure package version numbers for backports follow in the
+# correct order, we treat stable/oldstable as a backport build
+if [ "$DEBIAN_RELEASE_NAME" = "bullseye" ]
+then
+    BPO_FLAG=
+else
+    BPO_FLAG=--bpo
+fi
+
+# Are we building a snapshot or tag?
+if [ -z "${CI_COMMIT_TAG}" ]
+then
+    # Snapshot build
+
+    # Install git-buildpackage
+    which gbp || apt-get install --yes --no-install-recommends git-buildpackage
+
+    COMMIT_TS="$(git show --no-patch --pretty=format:%ct HEAD)"
+    COMMIT_DATE="$(date --date="@${COMMIT_TS}" +%Y%m%d%H%M)"
+    CURRENT_VERSION="$(dpkg-parsechangelog --show-field Version)"
+    SINCE_HASH="$(git rev-list --max-count=1 HEAD -- linotpd/src/debian/changelog)"
+
+    gbp dch $GBP_SINCE_PARAM --snapshot --snapshot-number="${COMMIT_DATE}" --no-multimaint --ignore-branch $BPO_FLAG
+else
+    # Tagged build
+
+    # Only create a changelog entry if we are creating a backport version
+    if [ -n "$BPO_FLAG" ]
+    then
+	dch --bpo "Autobuilt by CI"
+    fi
+fi
+
+# In order to upload to our internal archive, we need to set the distribution to
+# correct destination distribution
+CURRENT_DISTRIBUTION="$(dpkg-parsechangelog --show-field Distribution)"
+sed -i "1s/ ${CURRENT_DISTRIBUTION}\(; urgency=\)/ ${DEBIAN_RELEASE_NAME}\1/" debian/changelog
+
+# Show the results
+dpkg-parsechangelog
+
