dangerzone/.circleci/config.yml

version: 2.1

aliases:
  - &install-podman
    name: Install Podman in Ubuntu Focal
    command: ./install/linux/install-podman-ubuntu-focal.sh

    # FIXME: Remove the following step once we drop Ubuntu Focal support. The
    # python-all dependency is an artificial requirement due to an stdeb bug
    # prior to v0.9.1. See:
    #
    # * https://github.com/astraw/stdeb/issues/153
    # * https://github.com/freedomofpress/dangerzone/issues/292#issuecomment-1349967888
  - &install-python-all
    name: Install python-all package
    command: |
      export DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true
      apt-get update
      apt-get install -y python-all      

  - &install-dependencies-deb
    name: Install dependencies (deb)
    command: |
      export DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true
      apt-get update
      apt-get install -y dh-python python3 python3-stdeb      

  - &install-dependencies-rpm
    name: Install dependencies (rpm)
    command: |
      dnf install -y rpm-build python3 python3-setuptools      

  - &build-deb
    name: Build the .deb package
    command: |
      ./install/linux/build-deb.py
      ls -lh deb_dist/      

  - &build-rpm
    name: Build the .rpm package
    command: |
      ./install/linux/build-rpm.py
      ls -lh dist/      

  - &restore-cache
    key: v1-{{ checksum "container/Dockerfile" }}-{{ checksum "container/dangerzone.py" }}
    paths:
      - /caches/container.tar.gz
      - /caches/image-id.txt

  - &copy-image
    name: Copy container image into package
    command: |
      cp /caches/container.tar.gz share/
      cp /caches/image-id.txt share/      

  - &deploy-packagecloud
    command: |
      VERSION=$(cat share/version.txt)
      echo "PACKAGE_TYPE is ${PACKAGE_TYPE}"
      echo "PACKAGECLOUD_DISTRO is ${PACKAGECLOUD_DISTRO}"
      echo "VERSION is ${VERSION}"
      echo ""

      if [[ "${PACKAGE_TYPE}" == "deb" ]]; then
        echo "pushing: deb_dist/dangerzone_${VERSION}-1_all.deb"
        package_cloud push "firstlookmedia/code/${PACKAGECLOUD_DISTRO}" "deb_dist/dangerzone_${VERSION}-1_all.deb"
        echo ""
        echo "pushing: deb_dist/dangerzone_${VERSION}-1.dsc"
        package_cloud push "firstlookmedia/code/${PACKAGECLOUD_DISTRO}" "deb_dist/dangerzone_${VERSION}-1.dsc"
      elif [[ "${PACKAGE_TYPE}" == "rpm" ]]; then
        echo "pushing: dist/dangerzone-${VERSION}-1.noarch.rpm"
        package_cloud push "firstlookmedia/code/${PACKAGECLOUD_DISTRO}" "dist/dangerzone-${VERSION}-1.noarch.rpm"
        echo ""
        echo "pushing: dist/dangerzone-${VERSION}-1.src.rpm"
        package_cloud push "firstlookmedia/code/${PACKAGECLOUD_DISTRO}" "dist/dangerzone-${VERSION}-1.src.rpm"
      fi      

jobs:
  run-lint:
    docker:
      - image: debian:bookworm
    resource_class: small
    steps:
      - checkout
      - run:
          name: Install dev. dependencies
          # Install only the necessary packages to run our linters.
          command: |
            export DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true
            apt-get update
            apt-get install -y make python3 python3-poetry --no-install-recommends
            poetry install --only lint            
      - run:
          name: Run linters to enforce code style
          command: poetry run make lint
      - run:
          name: Check that the QA script is up to date with the docs
          command: ./dev_scripts/qa.py --check-refs

  build-container-image:
    working_directory: /app
    docker:
      - image: docker:dind
    steps:
      - checkout
      - restore_cache:
          keys:
            - v1-{{ checksum "container/Dockerfile" }}-{{ checksum "container/dangerzone.py" }}
      - setup_remote_docker
      - run:
          name: Build Dangerzone image
          command: |
            if [ -f "/caches/container.tar.gz" ]; then
              echo "Already cached, skipping"
            else
              docker build --cache-from=dangerzone.rocks/dangerzone --tag dangerzone.rocks/dangerzone container
            fi            
      - run:
          name: Save Dangerzone image and image-id.txt to cache
          command: |
            if [ -f "/caches/container.tar.gz" ]; then
              echo "Already cached, skipping"
            else
              mkdir -p /caches
              docker save -o /caches/container.tar dangerzone.rocks/dangerzone
              gzip -f /caches/container.tar
              docker image ls dangerzone.rocks/dangerzone | grep "dangerzone.rocks/dangerzone" | tr -s ' ' | cut -d' ' -f3 > /caches/image-id.txt
            fi            
      - save_cache:
          key: v1-{{ checksum "container/Dockerfile" }}-{{ checksum "container/dangerzone.py" }}
          paths:
            - /caches/container.tar.gz
            - /caches/image-id.txt

  convert-test-docs:
    machine:
      image: ubuntu-2004:202111-01
    steps:
      - checkout
      - run: *install-podman
      - run:
          name: Install poetry dependencies
          command: |
            # Remove this pin once the upstream Poetry issue is fixed:
            # https://github.com/python-poetry/poetry/issues/7184
            sudo pip3 install poetry==1.2.2
            poetry install            
      - run:
          name: Prepare cache directory
          command: |
            sudo mkdir -p /caches
            sudo chown -R $USER:$USER /caches            
      - restore_cache: *restore-cache
      - run: *copy-image
      - run:
          name: run automated tests
          command: |
            poetry run make test            

  build-ubuntu-kinetic:
    docker:
      - image: ubuntu:22.10
    resource_class: medium+
    steps:
      - run: *install-dependencies-deb
      - checkout
      - restore_cache: *restore-cache
      - run: *copy-image
      - run: *build-deb

  build-ubuntu-jammy:
    docker:
      - image: ubuntu:22.04
    resource_class: medium+
    steps:
      - run: *install-dependencies-deb
      - checkout
      - restore_cache: *restore-cache
      - run: *copy-image
      - run: *build-deb

  build-ubuntu-focal:
    docker:
      - image: ubuntu:20.04
    resource_class: medium+
    steps:
      - run: *install-dependencies-deb
      - run: *install-python-all
      - checkout
      - restore_cache: *restore-cache
      - run: *copy-image
      - run: *build-deb

  build-debian-bookworm:
    docker:
      - image: debian:bookworm
    resource_class: medium+
    steps:
      - run: *install-dependencies-deb
      - checkout
      - restore_cache: *restore-cache
      - run: *copy-image
      - run: *build-deb

  build-debian-bullseye:
    docker:
      - image: debian:bullseye
    resource_class: medium+
    steps:
      - run: *install-dependencies-deb
      - checkout
      - restore_cache: *restore-cache
      - run: *copy-image
      - run: *build-deb

  build-fedora-37:
    docker:
      - image: fedora:37
    resource_class: medium+
    steps:
      - run: *install-dependencies-rpm
      - checkout
      - restore_cache: *restore-cache
      - run: *copy-image
      - run: *build-rpm

  build-fedora-36:
    docker:
      - image: fedora:36
    resource_class: medium+
    steps:
      - run: *install-dependencies-rpm
      - checkout
      - restore_cache: *restore-cache
      - run: *copy-image
      - run: *build-rpm

  build-fedora-35:
    docker:
      - image: fedora:35
    resource_class: medium+
    steps:
      - run: *install-dependencies-rpm
      - checkout
      - restore_cache: *restore-cache
      - run: *copy-image
      - run: *build-rpm

  deploy-fedora:
    docker:
      - image: fedora:35
    resource_class: medium+
    steps:
      - run: *install-dependencies-rpm
      - checkout
      - restore_cache: *restore-cache
      - run: *copy-image
      - run: *build-rpm
      - run:
          name: Install packagecloud.io
          command: |
            dnf module install -y ruby:2.7 # requires ruby 2.7
            dnf --allowerasing -y distro-sync
            dnf install -y ruby-devel
            gem install package_cloud            
      - run:
          name: Deploy fedora/37
          environment:
            PACKAGE_TYPE: "rpm"
            PACKAGECLOUD_DISTRO: "fedora/37"
          <<: *deploy-packagecloud
      - run:
          name: Deploy fedora/36
          environment:
            PACKAGE_TYPE: "rpm"
            PACKAGECLOUD_DISTRO: "fedora/36"
          <<: *deploy-packagecloud
      - run:
          name: Deploy fedora/35
          environment:
            PACKAGE_TYPE: "rpm"
            PACKAGECLOUD_DISTRO: "fedora/35"
          <<: *deploy-packagecloud

  deploy-debian:
    docker:
      - image: debian:bullseye
    resource_class: medium+
    steps:
      - run: *install-dependencies-deb
      - checkout
      - restore_cache: *restore-cache
      - run: *copy-image
      - run: *build-deb
      - run:
          name: Install packagecloud.io
          command: |
            apt-get install -y ruby-dev rubygems
            gem install -N rake
            gem install -N package_cloud            
      - run:
          name: Deploy debian/bullseye
          environment:
            PACKAGE_TYPE: "deb"
            PACKAGECLOUD_DISTRO: "debian/bullseye"
          <<: *deploy-packagecloud
      - run:
          name: Deploy debian/bookworm
          environment:
            PACKAGE_TYPE: "deb"
            PACKAGECLOUD_DISTRO: "debian/bookworm"
          <<: *deploy-packagecloud

  deploy-ubuntu:
    docker:
      - image: ubuntu:22.04
    resource_class: medium+
    steps:
      - run: *install-dependencies-deb
      - checkout
      - restore_cache: *restore-cache
      - run: *copy-image
      - run: *build-deb
      - run:
          name: Install packagecloud.io
          command: |
            apt-get install -y ruby-dev rubygems
            gem install -N rake
            gem install -N package_cloud            
      - run:
          name: Deploy ubuntu/kinetic
          environment:
            PACKAGE_TYPE: "deb"
            PACKAGECLOUD_DISTRO: "ubuntu/kinetic"
          <<: *deploy-packagecloud
      - run:
          name: Deploy ubuntu/jammy
          environment:
            PACKAGE_TYPE: "deb"
            PACKAGECLOUD_DISTRO: "ubuntu/jammy"
          <<: *deploy-packagecloud
      - run:
          name: Deploy ubuntu/focal
          environment:
            PACKAGE_TYPE: "deb"
            PACKAGECLOUD_DISTRO: "ubuntu/focal"
          <<: *deploy-packagecloud

workflows:
  version: 2

  build:
    jobs:
      - run-lint
      - build-container-image
      - convert-test-docs:
          requires:
            - build-container-image
      - build-ubuntu-kinetic:
          requires:
            - build-container-image
      - build-ubuntu-jammy:
          requires:
            - build-container-image
      - build-ubuntu-focal:
          requires:
            - build-container-image
      - build-debian-bullseye:
          requires:
            - build-container-image
      - build-debian-bookworm:
          requires:
            - build-container-image
      - build-fedora-37:
          requires:
            - build-container-image
      - build-fedora-36:
          requires:
            - build-container-image
      - build-fedora-35:
          requires:
            - build-container-image

  build-and-deploy:
    jobs:
      - build-container-image:
          filters:
            tags:
              only: /^v.*/
            branches:
              ignore: /.*/
      - deploy-ubuntu:
          requires:
            - build-container-image
          filters:
            tags:
              only: /^v.*/
            branches:
              ignore: /.*/
      - deploy-debian:
          requires:
            - build-container-image
          filters:
            tags:
              only: /^v.*/
            branches:
              ignore: /.*/
      - deploy-fedora:
          requires:
            - build-container-image
          filters:
            tags:
              only: /^v.*/
            branches:
              ignore: /.*/