
When deploying packages, build the RPM package for Fedora 37 and deploy only that. Problem ======= The v0.4.0 release introduced Fedora 37 support. We had tested building an RPM package for Fedora 37 and installing it successfully, so we assumed that we had the green light for the release. It turns out, however, that our CI runners were not building packages for each of our supported Fedora releases, but solely for Fedora 35. It so happened that Fedora 35 and Fedora 36 had similar Python versions, but the same did not apply to Fedora 37. The end result is that users could not install Dangerzone on Fedora 37 through our official repo. Remediation =========== In order to help out Fedora 37 users, we plan to do the following: 1. Bump the Fedora patch level of our package to -2. This will help users install the new package, once we release it. 2. Change our CI pipeline to build an RPM package for Fedora 37 instead, and deploy that to PackageCloud. 3. Comment out all the other deployments to PackageCloud, since the rest of the distros are not affected. IMPORTANT: This is a hotfix that should never be merged back into the main branch. Fixes #156
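version: 2.1

# Reusable step bodies. Jobs reference them with `*alias`, or with
# `<<: *alias` when the step adds keys of its own, so a change to an alias
# changes every job that uses it.
aliases:
  - &provide-podman
    name: Provide Podman in Ubuntu Focal
    command: ./install/linux/install-podman-ubuntu-focal.sh --repo-only

  - &install-podman
    name: Install Podman in Ubuntu Focal
    command: ./install/linux/install-podman-ubuntu-focal.sh

  - &install-dependencies-deb
    name: Install dependencies (deb)
    command: |
      export DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true
      apt-get update
      apt-get install -y git ssh podman python-all dh-python python3 python3-stdeb python3-pyside2.qtcore python3-pyside2.qtgui python3-pyside2.qtwidgets python3-appdirs python3-click python3-xdg python3-colorama

  - &install-dependencies-rpm
    name: Install dependencies (rpm)
    command: |
      dnf install -y podman git openssh make automake gcc gcc-c++ rpm-build python3-setuptools python3-pyside2 python3-appdirs python3-click python3-pyxdg python3-colorama

  - &build-deb
    name: Build the .deb package
    command: |
      ./install/linux/build-deb.py
      ls -lh deb_dist/

  - &build-rpm
    name: Build the .rpm package
    command: |
      ./install/linux/build-rpm.py
      ls -lh dist/

  # Cache entry that carries the container image between jobs. The key
  # depends only on the checksums of the two container source files.
  - &restore-cache
    key: v1-{{ checksum "container/Dockerfile" }}-{{ checksum "container/dangerzone.py" }}
    paths:
      - /caches/container.tar.gz
      - /caches/image-id.txt

  # Places the cached image archive and its id file in share/, which is
  # where the package builds that follow this step pick them up.
  - &copy-image
    name: Copy container image into package
    command: |
      cp /caches/container.tar.gz share/
      cp /caches/image-id.txt share/

  # Pushes the built package and its source package to PackageCloud.
  # Expects PACKAGE_TYPE ("deb" or "rpm") and PACKAGECLOUD_DISTRO from the
  # calling step's `environment`. The release suffixes ("-1" for deb, "-2"
  # for rpm) are hard-coded and have to match the file names the build
  # scripts produce.
  # NOTE(review): the package_cloud credentials are not visible in this
  # file; presumably a token from the CI project settings. Confirm it is
  # scoped to this repository only.
  - &deploy-packagecloud
    command: |
      VERSION=$(cat share/version.txt)
      echo "PACKAGE_TYPE is ${PACKAGE_TYPE}"
      echo "PACKAGECLOUD_DISTRO is ${PACKAGECLOUD_DISTRO}"
      echo "VERSION is ${VERSION}"
      echo ""

      if [[ "${PACKAGE_TYPE}" == "deb" ]]; then
          echo "pushing: deb_dist/dangerzone_${VERSION}-1_all.deb"
          package_cloud push "firstlookmedia/code/${PACKAGECLOUD_DISTRO}" "deb_dist/dangerzone_${VERSION}-1_all.deb"
          echo ""
          echo "pushing: deb_dist/dangerzone_${VERSION}-1.dsc"
          package_cloud push "firstlookmedia/code/${PACKAGECLOUD_DISTRO}" "deb_dist/dangerzone_${VERSION}-1.dsc"
      elif [[ "${PACKAGE_TYPE}" == "rpm" ]]; then
          echo "pushing: dist/dangerzone-${VERSION}-2.noarch.rpm"
          package_cloud push "firstlookmedia/code/${PACKAGECLOUD_DISTRO}" "dist/dangerzone-${VERSION}-2.noarch.rpm"
          echo ""
          echo "pushing: dist/dangerzone-${VERSION}-2.src.rpm"
          package_cloud push "firstlookmedia/code/${PACKAGECLOUD_DISTRO}" "dist/dangerzone-${VERSION}-2.src.rpm"
      else
          echo "unsupported PACKAGE_TYPE: '${PACKAGE_TYPE}'" >&2
          exit 1
      fi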
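jobs:
  # Style checks only; builds no package.
  run-lint:
    docker:
      - image: debian:bullseye
    resource_class: small
    steps:
      - checkout
      - run:
          name: Install dev. dependencies
          # NOTE(review): poetry is installed without a version pin, so the
          # tool that resolves the dependencies can change between runs.
          command: |
            export DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true
            apt-get update
            apt-get install -y make python3 python3-pip python3-venv
            python3 -m venv .venv
            source .venv/bin/activate
            pip install poetry
            poetry --no-ansi install # FIXME --dev-only once poetry 1.2.0 is out https://github.com/python-poetry/poetry/issues/2572
      - run:
          name: Run linters to enforce code style
          command: |
            source .venv/bin/activate
            make lint

  # Builds the container image once and stores it in the CircleCI cache.
  # The archive saved here is what the build-* and deploy-* jobs restore
  # and copy into the packages. Because the cache key depends only on the
  # checksums of container/Dockerfile and container/dangerzone.py, a later
  # pipeline (release builds included) reuses whatever image was stored
  # under that key first.
  # NOTE(review): confirm that pipelines for untrusted changes cannot write
  # to this cache, or rebuild the image in the release workflow.
  build-container-image:
    working_directory: /app
    docker:
      # Floating tag: the builder image can change between runs. A version
      # tag or digest would make the build environment reproducible.
      - image: docker:dind
    steps:
      - checkout
      - restore_cache:
          keys:
            - v1-{{ checksum "container/Dockerfile" }}-{{ checksum "container/dangerzone.py" }}
      - setup_remote_docker
      - run:
          name: Build Dangerzone image
          command: |
            if [ -f "/caches/container.tar.gz" ]; then
              echo "Already cached, skipping"
            else
              docker build --cache-from=dangerzone.rocks/dangerzone --tag dangerzone.rocks/dangerzone container
            fi
      - run:
          name: Save Dangerzone image and image-id.txt to cache
          # image-id.txt receives the third column of `docker image ls` for
          # the image that was just built.
          command: |
            if [ -f "/caches/container.tar.gz" ]; then
              echo "Already cached, skipping"
            else
              mkdir -p /caches
              docker save -o /caches/container.tar dangerzone.rocks/dangerzone
              gzip -f /caches/container.tar
              docker image ls dangerzone.rocks/dangerzone | grep "dangerzone.rocks/dangerzone" | tr -s ' ' | cut -d' ' -f3 > /caches/image-id.txt
            fi
      - save_cache:
          key: v1-{{ checksum "container/Dockerfile" }}-{{ checksum "container/dangerzone.py" }}
          paths:
            - /caches/container.tar.gz
            - /caches/image-id.txt

  # Runs the test suite on a machine executor with Podman installed.
  convert-test-docs:
    machine:
      image: ubuntu-2004:202111-01
    steps:
      - checkout
      - run: *install-podman
      - run:
          name: Install poetry dependencies
          command: |
            sudo pip3 install poetry
            poetry install --no-ansi
      - run:
          name: Prepare cache directory
          # /caches has to be writable by the job user before the cache is
          # restored into it.
          command: |
            sudo mkdir -p /caches
            sudo chown -R $USER:$USER /caches
      - restore_cache: *restore-cache
      - run: *copy-image
      - run:
          name: run automated tests
          command: |
            poetry run make test

  build-ubuntu-kinetic:
    docker:
      - image: ubuntu:22.10
    resource_class: medium+
    steps:
      - run: *install-dependencies-deb
      - checkout
      - restore_cache: *restore-cache
      - run: *copy-image
      - run: *build-deb

  build-ubuntu-jammy:
    docker:
      - image: ubuntu:22.04
    resource_class: medium+
    steps:
      - run: *install-dependencies-deb
      - checkout
      - restore_cache: *restore-cache
      - run: *copy-image
      - run: *build-deb

  # Focal checks out first: the Podman repository is set up by a script
  # from the source tree before the dependencies are installed.
  build-ubuntu-focal:
    docker:
      - image: ubuntu:20.04
    resource_class: medium+
    steps:
      - checkout
      - run: *provide-podman
      - run: *install-dependencies-deb
      - restore_cache: *restore-cache
      - run: *copy-image
      - run: *build-deb

  #build-debian-bookworm:
  #  docker:
  #    - image: debian:bookworm
  #  resource_class: medium+
  #  steps:
  #    - run: *install-dependencies-deb
  #    - checkout
  #    - restore_cache: *restore-cache
  #    - run: *copy-image
  #    - run: *build-deb

  build-debian-bullseye:
    docker:
      - image: debian:bullseye
    resource_class: medium+
    steps:
      - run: *install-dependencies-deb
      - checkout
      - restore_cache: *restore-cache
      - run: *copy-image
      - run: *build-deb

  build-fedora-37:
    docker:
      - image: fedora:37
    resource_class: medium+
    steps:
      - run: *install-dependencies-rpm
      - checkout
      - restore_cache: *restore-cache
      - run: *copy-image
      - run: *build-rpm

  build-fedora-36:
    docker:
      - image: fedora:36
    resource_class: medium+
    steps:
      - run: *install-dependencies-rpm
      - checkout
      - restore_cache: *restore-cache
      - run: *copy-image
      - run: *build-rpm

  build-fedora-35:
    docker:
      - image: fedora:35
    resource_class: medium+
    steps:
      - run: *install-dependencies-rpm
      - checkout
      - restore_cache: *restore-cache
      - run: *copy-image
      - run: *build-rpm

  # Builds the RPM on Fedora 37 and publishes only that package. The
  # fedora/36 and fedora/35 deployments below are commented out on purpose.
  deploy-fedora:
    docker:
      - image: fedora:37
    resource_class: medium+
    steps:
      - run: *install-dependencies-rpm
      - checkout
      - restore_cache: *restore-cache
      - run: *copy-image
      - run: *build-rpm
      - run:
          name: Install packagecloud.io
          # NOTE(review): package_cloud and its dependencies are installed
          # unpinned in the same job that publishes the release; pinning the
          # gem version would limit what runs next to the upload step.
          command: |
            # Fedora 37 has ruby 3.1 instead of 2.7.
            dnf module install -y ruby:3.1
            dnf --allowerasing -y distro-sync
            # In order to build some native libraries (e.g., unf_ext), we also
            # need to install C++ build tools.
            dnf install -y ruby-devel make automake gcc gcc-c++
            gem install package_cloud
      - run:
          name: Deploy fedora/37
          environment:
            PACKAGE_TYPE: "rpm"
            PACKAGECLOUD_DISTRO: "fedora/37"
          <<: *deploy-packagecloud
      #- run:
      #    name: Deploy fedora/36
      #    environment:
      #      PACKAGE_TYPE: "rpm"
      #      PACKAGECLOUD_DISTRO: "fedora/36"
      #    <<: *deploy-packagecloud
      #- run:
      #    name: Deploy fedora/35
      #    environment:
      #      PACKAGE_TYPE: "rpm"
      #      PACKAGECLOUD_DISTRO: "fedora/35"
      #    <<: *deploy-packagecloud

  #deploy-debian:
  #  docker:
  #    - image: debian:bullseye
  #  resource_class: medium+
  #  steps:
  #    - run: *install-dependencies-deb
  #    - checkout
  #    - restore_cache: *restore-cache
  #    - run: *copy-image
  #    - run: *build-deb
  #    - run:
  #        name: Install packagecloud.io
  #        command: |
  #          apt-get install -y ruby-dev rubygems
  #          gem install -N rake
  #          gem install -N package_cloud
  #    - run:
  #        name: Deploy debian/bullseye
  #        environment:
  #          PACKAGE_TYPE: "deb"
  #          PACKAGECLOUD_DISTRO: "debian/bullseye"
  #        <<: *deploy-packagecloud
  #    - run:
  #        name: Deploy debian/bookworm
  #        environment:
  #          PACKAGE_TYPE: "deb"
  #          PACKAGECLOUD_DISTRO: "debian/bookworm"
  #        <<: *deploy-packagecloud

  #deploy-ubuntu:
  #  docker:
  #    - image: ubuntu:22.04
  #  resource_class: medium+
  #  steps:
  #    - run: *install-dependencies-deb
  #    - checkout
  #    - restore_cache: *restore-cache
  #    - run: *copy-image
  #    - run: *build-deb
  #    - run:
  #        name: Install packagecloud.io
  #        command: |
  #          apt-get install -y ruby-dev rubygems
  #          gem install -N rake
  #          gem install -N package_cloud
  #    - run:
  #        name: Deploy ubuntu/kinetic
  #        environment:
  #          PACKAGE_TYPE: "deb"
  #          PACKAGECLOUD_DISTRO: "ubuntu/kinetic"
  #        <<: *deploy-packagecloud
  #    - run:
  #        name: Deploy ubuntu/jammy
  #        environment:
  #          PACKAGE_TYPE: "deb"
  #          PACKAGECLOUD_DISTRO: "ubuntu/jammy"
  #        <<: *deploy-packagecloud
  #    - run:
  #        name: Deploy ubuntu/focal
  #        environment:
  #          PACKAGE_TYPE: "deb"
  #          PACKAGECLOUD_DISTRO: "ubuntu/focal"
  #        <<: *deploy-packagecloud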
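workflows:
  version: 2

  # Lint, tests and one package build per supported distribution. Every
  # package build waits for the container image so that it can restore the
  # image from the cache.
  build:
    jobs:
      - run-lint
      - build-container-image
      - convert-test-docs:
          requires:
            - build-container-image
      - build-ubuntu-kinetic:
          requires:
            - build-container-image
      - build-ubuntu-jammy:
          requires:
            - build-container-image
      - build-ubuntu-focal:
          requires:
            - build-container-image
      - build-debian-bullseye:
          requires:
            - build-container-image
      #- build-debian-bookworm:
      #    requires:
      #      - build-container-image
      - build-fedora-37:
          requires:
            - build-container-image
      - build-fedora-36:
          requires:
            - build-container-image
      - build-fedora-35:
          requires:
            - build-container-image

  # Release workflow: the filters run these jobs for tags matching /^v.*/
  # and for no branch. Any tag that starts with "v" therefore publishes to
  # the package repository, so permission to push such tags is what gates a
  # release; a pattern that requires a numeric version would narrow this.
  # Only the Fedora deployment is active; the Ubuntu and Debian deployments
  # are commented out.
  build-and-deploy:
    jobs:
      - build-container-image:
          filters:
            tags:
              only: /^v.*/
            branches:
              ignore: /.*/
      #- deploy-ubuntu:
      #    requires:
      #      - build-container-image
      #    filters:
      #      tags:
      #        only: /^v.*/
      #      branches:
      #        ignore: /.*/
      #- deploy-debian:
      #    requires:
      #      - build-container-image
      #    filters:
      #      tags:
      #        only: /^v.*/
      #      branches:
      #        ignore: /.*/
      - deploy-fedora:
          requires:
            - build-container-image
          filters:
            tags:
              only: /^v.*/
            branches:
              ignore: /.*/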