From 37109d744d57a17301584a6b2f363c3cc0402abf Mon Sep 17 00:00:00 2001 From: Aravinth Manivannan Date: Wed, 28 Dec 2022 16:34:37 +0530 Subject: [PATCH] feat: publish forms bin at dl.librepages.org --- .woodpecker.yml | 25 +++++++- scripts/bin-publish.sh | 119 ++++++++++++++++++++++++++++++++++++ scripts/entrypoint.sh | 18 ++++++ scripts/publish-bins-docker | 14 +++++ 4 files changed, 175 insertions(+), 1 deletion(-) create mode 100755 scripts/bin-publish.sh create mode 100644 scripts/entrypoint.sh create mode 100644 scripts/publish-bins-docker diff --git a/.woodpecker.yml b/.woodpecker.yml index e18859d..c226f9d 100644 --- a/.woodpecker.yml +++ b/.woodpecker.yml @@ -7,9 +7,21 @@ pipeline: - make migrate - make - make test + - make release - publish: + build_docker_img: image: plugins/docker + when: + event: [pull_request] + settings: + dry_run: true + repo: realaravinth/librepages-forms + tags: latest + + build_and_publish_docker_img: + image: plugins/docker + when: + event: [push, tag, deployment] settings: username: realaravinth password: @@ -17,6 +29,17 @@ pipeline: repo: realaravinth/librepages-forms tags: latest + publish_bins: + image: rust + when: + event: [push, tag, deployment] + commands: + - apt update + - apt-get -y --no-install-recommends install gpg tar curl wget + - echo -n "$RELEASE_BOT_GPG_SIGNING_KEY" | gpg --batch --import --pinentry-mode loopback + - scripts/bin-publish.sh publish master latest $DUMBSERVE_PASSWORD + secrets: [RELEASE_BOT_GPG_SIGNING_KEY, DUMBSERVE_PASSWORD, GPG_PASSWORD] + services: database: image: postgres diff --git a/scripts/bin-publish.sh b/scripts/bin-publish.sh new file mode 100755 index 0000000..a906697 --- /dev/null +++ b/scripts/bin-publish.sh @@ -0,0 +1,119 @@ +#!/bin/bash +# Copyright (C) 2022 Aravinth Manivannan +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . + +# publish.sh: grab bin from docker container, pack, sign and upload +# $2: binary version +# $3: Docker img tag +# $4: dumbserve password + +set -xEeuo pipefail + +DUMBSERVE_USERNAME=librepages +DUMBSERVE_PASSWORD=$4 +DUMBSERVE_HOST="https://$DUMBSERVE_USERNAME:$DUMBSERVE_PASSWORD@dl.librepages.org" + +NAME=forms +KEY=67880CA5F4BC99BF247330E2DA576B07BC323961 + +TMP_DIR=$(mktemp -d) +FILENAME="$NAME-$2-linux-amd64" +TARBALL=$FILENAME.tar.gz +TARGET_DIR="$TMP_DIR/$FILENAME/" +mkdir -p $TARGET_DIR +DOCKER_IMG="realaravinth/librepages-forms:$3" + + +get_bin(){ + echo "[*] Grabbing binary" + #container_id=$(docker create $DOCKER_IMG) + #docker cp $container_id:/usr/local/bin/pages $TARGET_DIR/ + #docker rm -v $container_id + cp target/release/forms $TARGET_DIR +} + +copy() { + echo "[*] Copying dist assets" + cp README.md $TARGET_DIR + cp LICENSE.md $TARGET_DIR + + mkdir $TARGET_DIR/docs + cp docs/CONFIGURATION.md $TARGET_DIR/docs + cp -r docs/installation/ $TARGET_DIR/docs + + get_bin +} + +pack() { + echo "[*] Creating dist tarball" + pushd $TMP_DIR + tar -cvzf $TARBALL $FILENAME + popd +} + +checksum() { + echo "[*] Generating dist tarball checksum" + pushd $TMP_DIR + sha256sum $TARBALL > $TARBALL.sha256 + popd +} + +sign() { + echo "[*] Signing dist tarball checksum" + pushd $TMP_DIR + export GPG_TTY=$(tty) + gpg --verbose \ + --pinentry-mode loopback \ + --batch --yes \ + --passphrase $GPG_PASSWORD \ + --local-user $KEY \ + --output $TARBALL.asc \ + --sign --detach \ + --armor $TARBALL + popd +} + +delete_dir() { + curl --location --request DELETE "$DUMBSERVE_HOST/api/v1/files/delete" \ + --header 'Content-Type: application/json' \ + --data-raw "{ + \"path\": \"$1\" + }" +} + +upload_dist() { + upload_dist="librepages/$1" + delete_dir $upload_dist + + pushd $TMP_DIR + for file in $TARBALL $TARBALL.asc $TARBALL.sha256 + do + curl -v \ + -F upload=@$file \ + "$DUMBSERVE_HOST/api/v1/files/upload?path=$upload_dist/" + done + popd +} + + +publish() { + copy + pack + checksum + sign + upload_dist $2 +} + +$1 $@ diff --git a/scripts/entrypoint.sh b/scripts/entrypoint.sh new file mode 100644 index 0000000..3c19343 --- /dev/null +++ b/scripts/entrypoint.sh @@ -0,0 +1,18 @@ +#!/bin/bash + +USER_ID=${LOCAL_USER_ID} +echo $USER_ID +LIBREPAGES_USER=librepages + +echo "Starting with UID : $USER_ID" +export HOME=/home/$LIBREPAGES_USER +#adduser --disabled-password --shell /bin/bash --home $HOME --uid $USER_ID user +#--uid + +if id "$1" &>/dev/null; then + echo "User $LIBREPAGES_USER exists" +else + useradd --uid $USER_ID -b /home -m -s /bin/bash $LIBREPAGES_USER +fi + +su $LIBREPAGES_USER -c 'librepages' diff --git a/scripts/publish-bins-docker b/scripts/publish-bins-docker new file mode 100644 index 0000000..4b82c73 --- /dev/null +++ b/scripts/publish-bins-docker @@ -0,0 +1,14 @@ +FROM realaravinth/librepages-forms:latest as base +RUN echo foo + +FROM debian:bullseye-slim +RUN apt update +RUN apt-get -y --no-install-recommends install gpg tar curl wget +WORKDIR /src +COPY --from=base /usr/local/bin/forms . +COPY . . +ARG RELEASE_BOT_GPG_SIGNING_KEY +RUN echo -n "$RELEASE_BOT_GPG_SIGNING_KEY" +RUN echo -n "$RELEASE_BOT_GPG_SIGNING_KEY" | gpg --batch --import --pinentry-mode loopback +env GPG_PASSWORD=$GPG_PASSWORD +RUN /src/scripts/bin-publish.sh publish master latest $DUMBSERVE_PASSWORD