From 894be0392359428e862173541dd3d175ea90da58 Mon Sep 17 00:00:00 2001 From: vilmibm Date: Mon, 3 Aug 2020 16:37:21 -0500 Subject: [PATCH] linux repo creation --- .github/workflows/releases.yml | 112 +++++++++++++++++++++++++++++++++ script/distributions | 16 +++++ script/override.focal | 2 + script/pubkey.asc | 41 ++++++++++++ script/rpmmacros | 1 + 5 files changed, 172 insertions(+) create mode 100644 script/distributions create mode 100644 script/override.focal create mode 100644 script/pubkey.asc create mode 100644 script/rpmmacros diff --git a/.github/workflows/releases.yml b/.github/workflows/releases.yml index 1c3baa6e8..00260ca16 100644 --- a/.github/workflows/releases.yml +++ b/.github/workflows/releases.yml @@ -62,6 +62,118 @@ jobs: api() { bin/hub api -H 'accept: application/vnd.github.inertia-preview+json' "$@"; } cards=$(api projects/columns/$PENDING_COLUMN/cards | jq ".[].id") for card in $cards; do api projects/columns/cards/$card/moves --field position=top --field column_id=$DONE_COLUMN; done + rpm-repos: + if: "!contains(github.ref, '-')" # skip prereleases + needs: goreleaser + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v2 + - name: Get package artifacts + uses: i3h/download-release-asset@v1 + with: + owner: cli + repo: cli + tag: latest + file: .*.rpm + - name: install createrepo, rpm + run: sudo apt-get install -y createrepo rpm + - name: set up gpg + run: | + echo "Importing pubkey..." + cat script/pubkey.asc | gpg --import --no-tty --batch --yes + echo "Importing seckey..." + echo ${{secrets.GPG_KEY}} | base64 -d | gpg --import --no-tty --batch --yes + echo "Resetting gpg-agent and ingesting passphrase" + echo "allow-preset-passphrase" > ~/.gnupg/gpg-agent.conf + gpg-connect-agent RELOADAGENT /bye + echo ${{secrets.GPG_PASSPHRASE}} | /usr/lib/gnupg2/gpg-preset-passphrase --preset 867DAD5051270B843EF54F6186FA10E3A1D22DC5 + - name: Sign RPMs + run: | + cp script/rpmmacros ~/.rpmmacros + rpmsign --addsign *.rpm + - name: Checkout pages site + uses: actions/checkout@v2 + with: + repository: github/cli.github.com + path: site + fetch-depth: 0 + token: ${{secrets.SITE_GITHUB_TOKEN}} + - name: run createrepo + run: | + cp *.rpm site/packages/rpm/ + createrepo site/packages/rpm + cd site/packages/rpm && gpg --yes --detach-sign --armor repodata/repomd.xml + cd ../../../ + - name: publish site + env: + GIT_COMMITTER_NAME: cli automation + GIT_AUTHOR_NAME: cli automation + GIT_COMMITTER_EMAIL: noreply@github.com + GIT_AUTHOR_EMAIL: noreply@github.com + run: | + git -C site add packages + git -C site commit -m"${GITHUB_REF} rpm packages" + git -C site push + + deb-repos: + if: "!contains(github.ref, '-')" # skip prereleases + needs: goreleaser + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v2 + - name: Get package artifacts + uses: i3h/download-release-asset@v1 + with: + owner: cli + repo: cli + tag: latest + file: .*.deb + - name: install reprepro + run: sudo apt-get install -y reprepro + - name: set up gpg + run: | + echo "Importing pubkey..." + cat script/pubkey.asc | gpg --import --no-tty --batch --yes + echo "Importing seckey..." + echo ${{secrets.GPG_KEY}} | base64 -d | gpg --import --no-tty --batch --yes + echo "Resetting gpg-agent and ingesting passphrase" + echo "allow-preset-passphrase" > ~/.gnupg/gpg-agent.conf + gpg-connect-agent RELOADAGENT /bye + echo ${{secrets.GPG_PASSPHRASE}} | /usr/lib/gnupg2/gpg-preset-passphrase --preset 867DAD5051270B843EF54F6186FA10E3A1D22DC5 + - name: run reprepro + env: + RELEASES: "focal stable" + run: | + mkdir upload + for release in $RELEASES; do + for file in *.deb ; do + /usr/bin/reprepro --confdir="+b/script" includedeb $release $file; + done + done + - name: "Select repo artifacts" + # Select only final repo artifacts (this makes reprepro runs stateless) + run: cp -a dists/ pool/ upload/ + - name: Checkout pages site + uses: actions/checkout@v2 + with: + repository: github/cli.github.com + path: site + fetch-depth: 0 + token: ${{secrets.SITE_GITHUB_TOKEN}} + - name: add files to site + run: cp -a upload/* site/packages/ + - name: publish site + env: + GIT_COMMITTER_NAME: cli automation + GIT_AUTHOR_NAME: cli automation + GIT_COMMITTER_EMAIL: noreply@github.com + GIT_AUTHOR_EMAIL: noreply@github.com + run: | + git -C site add packages + git -C site commit -m"${GITHUB_REF} deb packages" + git -C site push msi: needs: goreleaser runs-on: windows-latest diff --git a/script/distributions b/script/distributions new file mode 100644 index 000000000..67536e4c2 --- /dev/null +++ b/script/distributions @@ -0,0 +1,16 @@ +Origin: gh +Label: gh +Codename: stable +Architectures: i386 amd64 arm64 +Components: main +Description: The GitHub CLI - debian stable repo +SignWith: C99B11DEB97541F0 + +Origin: gh +Label: gh +Codename: focal +Architectures: i386 amd64 arm64 +Components: main +Description: The GitHub CLI - ubuntu focal repo +SignWith: C99B11DEB97541F0 +DebOverride: override.focal diff --git a/script/override.focal b/script/override.focal new file mode 100644 index 000000000..89ab311a7 --- /dev/null +++ b/script/override.focal @@ -0,0 +1,2 @@ +gh Priority optional +gh Section Development diff --git a/script/pubkey.asc b/script/pubkey.asc new file mode 100644 index 000000000..9c313b43d --- /dev/null +++ b/script/pubkey.asc @@ -0,0 +1,41 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQGNBF9PzXUBDADjf/5plZnxldgufVJUC0xpwITJHB3iUvpTwYEgBaOi7WE+JkHb ++SN+2PFAumVftvOiCrt9TnrXDeUDGMsfiUa0zXsaU8pC1IcmnbYCjZqfWOmBUGoR +iGrgZxSnXQuJOIsK5R8ST9G6v7BCKTgBnTmjIeCLCEOg0GU0avrBnmszOUjDabBl +tvm/KC1lSsTfQjrn3j7LGbyVfTZ/nhIHnVUOjU4NcY9hd5xXydF0wpZ0pr28dcHI +O5X9YZSq+w8bNlGBQMa/RhGmRBIMAEKeoLFh6q/CuToe/5x8xgowJZDkSNjVmaeR +Acbdyhn2FmLyF/jFNXZ1DveX933N0MjQ/NCGgxpKbVVG+5BRSUA3Z53yvdzC61kO +8r88ZEXli4uBCNSRGcpjsS+EyV8ydMxC4uhRrbaa8b3xI0yHS9/VJ3+1vUuo4vxZ +sgbsmzErGOfyRaaF6SMJcQKf67Xk2whuDNQvRCwA8w7ZAK+XtyJ1M39fgDjRLVu6 +LK2A64jDiKPrOU0AEQEAAbQfTmF0ZSBTbWl0aCA8dmlsbWlibUBnaXRodWIuY29t +PokB1AQTAQoAPhYhBCyjIFbtIGy4H0SoysmbEd65dUHwBQJfT811AhsDBQkDwmcA +BQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEMmbEd65dUHwdWQL/1ztvcwtZUdv +c4XgwAU5DbGWxuVTAhMj+Y0o8Es3EZot6Ck9jhKUVHSF101Bbs0Nl1iOupr5P3yE +cKgsK5hB+g0Y503DsNjz3i6OyWuHVeIWmk9pXQF/ly3VOgj0atJwiR8RV79/iw+i +zcDkbKQ++3bIgLDVQ/b/EwJRZnxbBDNMRHOzxFR+JwazwFxTI5pGk0vcG6yFtKnI +4fvmVE3WjmCOaGk8umuQJ/UG/F/oWx46gnF/+VG7xIK0lbOj4GDuLRGeRftTLREw +5FTakC8vbddBfjpgOI6wAmE7UEU4L3S7wRvZeOrHzNCO5qBofTGbZVKZrkEHVCO5 +scuz04ESpUyGtV7QXVETWeo+hm8HD91pCdlpSOIpuE0kgUfifqYsDvuXMW7tb5+G +AdRjG5mTACoF+SrcfSapg2vqOvxBNB9DAVSUdsIKucepJy3n5Wp72+sGDZsIj/H1 +lCZ6Ycw5U/kqTQ3Vah4zSFH973C49+T5eTvtTjXL7TedfsF7JyxrirkBjQRfT811 +AQwAtY1zvmSpRIzN3uZWisOXrgW4AiLfbJYEpII9URuyzS3J9tYNVQMsvMQgNqaZ +fin0PY4sxj6f3WZSl0Ohc11vSjqMjaZ5YlEzcd3mG1dQCqnQmTmKFk7CgIZNU73t +4f8lKL26HMMfG0kiVZrYM6CxDK6CrX47yH5QSfVCpQBG1Dl28VdjGsfiqL3U3m3S +62p70guWGreqCJ+8GmhxhOFCDphudYVQxvIdnVw9FDetXfhYv/aJ74zwG+IYdjdf +Wxu9uqXjNKBmz6m1DMRYwgP8zWfS48lEnR/uNIkM13GEKOq1qjsEwRLXDBYS38TS +OsU4c8gS+dbCroUfbj5T332VfhSijf9yPmgqoXq9uhFs4uBOQPFDJhYLghHC/Etx +DtgqNvs+TQ+71aTEN+7PDcxmiJBT2Hecu//tOPAG6iqAtEJ0CSNt7ioKGaybkBg8 +RXv20ztJ2vUR8iq7DeoAOOBJsLXfjwFsEPT9zp0dzTLNL2g9mULVopNxE5YBdTol +McWTABEBAAGJAbwEGAEKACYWIQQsoyBW7SBsuB9EqMrJmxHeuXVB8AUCX0/NdQIb +DAUJA8JnAAAKCRDJmxHeuXVB8E/MC/9OWTFwggfzOTzrBT4eRohkChDwHF77WzEZ +vneaUEOgrDdkfZ4/LX/38HePae4/sIHvYMyEpqMMJor3SDLi71bPBmM4Hz5gt6Zx +9CA1CUPJ9QFHHbxMufhW/0Fdhg4cFis6gC9TK8CyjRyURAXGAEUWxGbtUV3z8k5+ +Vu6z/RNHAjcuCzwm1FgX6EaAQt14hI9DqX8YPVE+c6rhSTVuQcnvvIMRmmnirs9q +XyOoWgNBDdBsEyusOg04YWu+22nfmszrXDq4QUMkIfjeMoM/bYsF6D23ZTD4imZj +LiZe/dWok6xgMOwwBhrYP71qORwChebooVX6SylkMnfT2xp/qIeAidNSioYC2fIp +ue1p4NJ+4UaLLniQAlJ8TNoYoZ+UZDIftRYCfV+U1V9mqZtWZ9Qeuv8p6iboCVag +QomPPf2XCc2VlhOraWGGC7afWIUnEz9srg8OR9IzrITGtSF7SMHB/dB2hL/tFyFs +thQyULWTJXRidPWVyWWqegyubCbY0cY= +=ki4q +-----END PGP PUBLIC KEY BLOCK----- diff --git a/script/rpmmacros b/script/rpmmacros new file mode 100644 index 000000000..fdfb48a29 --- /dev/null +++ b/script/rpmmacros @@ -0,0 +1 @@ +%_gpg_name Nate Smith