diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml deleted file mode 100644 index 9fdf349..0000000 --- a/.gitlab-ci.yml +++ /dev/null @@ -1,80 +0,0 @@ -stages: - - verify - - build - - deploy - -variables: - GIT_STRATEGY: clone - GIT_DEPTH: "500" - -lint: - stage: verify - interruptible: true - script: - - | - sudo apk add shellcheck atools sudo abuild - export PATH="$PATH:$CI_PROJECT_DIR/.gitlab/bin" - lint - allow_failure: true - only: - - merge_requests - tags: - - apk-v3.18-x86_64 - -.build: - stage: build - interruptible: true - script: - - | - sudo apk add alpine-sdk lua-aports sudo - sudo addgroup $USER abuild - export PATH="$PATH:$CI_PROJECT_DIR/.gitlab/bin" - sudo -Eu $USER build.sh - artifacts: - paths: - - packages/ - - keys/ - - logs/ - expire_in: 7 days - only: - - merge_requests - -build-v3.19: - extends: .build - when: always - variables: - CI_ALPINE_TARGET_RELEASE: v3.19 - tags: - - apk-$CI_ALPINE_TARGET_RELEASE-x86_64 - -build-v3.20: - extends: .build - when: always - variables: - CI_ALPINE_TARGET_RELEASE: v3.20 - tags: - - apk-$CI_ALPINE_TARGET_RELEASE-x86_64 - -build-edge: - extends: .build - when: always - variables: - CI_ALPINE_TARGET_RELEASE: edge - tags: - - apk-$CI_ALPINE_TARGET_RELEASE-x86_64 - - -push: - interruptible: true - stage: deploy - script: - - | - sudo apk add abuild git-annex findutils - export PATH="$PATH:$CI_PROJECT_DIR/.gitlab/bin" - push.sh - rules: - - if: $CI_PIPELINE_SOURCE == "merge_request_event" - when: manual - tags: - - repo - diff --git a/.gitlab/bin/APKBUILD_SHIM b/.gitlab/bin/APKBUILD_SHIM deleted file mode 100755 index 76577ff..0000000 --- a/.gitlab/bin/APKBUILD_SHIM +++ /dev/null @@ -1,111 +0,0 @@ -#!/bin/sh - -set -e - -arch= -builddir= -checkdepends= -depends= -depends_dev= -depends_doc= -depends_libs= -depends_openrc= -depends_static= -install= -install_if= -langdir= -ldpath= -license= -makedepends= -makedepends_build= -makedepends_host= -md5sums= -options= -patch_args= -pkgbasedir= -pkgdesc= -pkgdir= -pkgname= -pkgrel= -pkgver= -pkggroups= -pkgusers= -provides= -provider_priority= -replaces= -sha256sums= -sha512sums= -sonameprefix= -source= -srcdir= -startdir= -subpackages= -subpkgdir= -subpkgname= -triggers= -url= - -# abuild.conf - -CFLAGS= -CXXFLAGS= -CPPFLAGS= -LDFLAGS= -JOBS= -MAKEFLAGS= -CMAKE_CROSSOPTS= - -. ./APKBUILD - -: "$arch" -: "$builddir" -: "$checkdepends" -: "$depends" -: "$depends_dev" -: "$depends_doc" -: "$depends_libs" -: "$depends_openrc" -: "$depends_static" -: "$install" -: "$install_if" -: "$langdir" -: "$ldpath" -: "$license" -: "$makedepends" -: "$makedepends_build" -: "$makedepends_host" -: "$md5sums" -: "$options" -: "$patch_args" -: "$pkgbasedir" -: "$pkgdesc" -: "$pkgdir" -: "$pkgname" -: "$pkgrel" -: "$pkgver" -: "$pkggroups" -: "$pkgusers" -: "$provides" -: "$provider_priority" -: "$replaces" -: "$sha256sums" -: "$sha512sums" -: "$sonameprefix" -: "$source" -: "$srcdir" -: "$startdir" -: "$subpackages" -: "$subpkgdir" -: "$subpkgname" -: "$triggers" -: "$url" - -# abuild.conf - -: "$CFLAGS" -: "$CXXFLAGS" -: "$CPPFLAGS" -: "$LDFLAGS" -: "$JOBS" -: "$MAKEFLAGS" -: "$CMAKE_CROSSOPTS" diff --git a/.gitlab/bin/apkbuild-shellcheck b/.gitlab/bin/apkbuild-shellcheck deleted file mode 100755 index 3126684..0000000 --- a/.gitlab/bin/apkbuild-shellcheck +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/sh - -shellcheck -s ash \ - -e SC3043 \ - -e SC3057 \ - -e SC3060 \ - -e SC2016 \ - -e SC2086 \ - -e SC2169 \ - -e SC2155 \ - -e SC2100 \ - -e SC2209 \ - -e SC2030 \ - -e SC2031 \ - -e SC1090 \ - -xa $CI_PROJECT_DIR/.gitlab/bin/APKBUILD_SHIM diff --git a/.gitlab/bin/build.sh b/.gitlab/bin/build.sh deleted file mode 100755 index 5905fbc..0000000 --- a/.gitlab/bin/build.sh +++ /dev/null @@ -1,270 +0,0 @@ -#!/bin/sh -# shellcheck disable=SC3043 - -. $CI_PROJECT_DIR/.gitlab/bin/functions.sh - -# shellcheck disable=SC3040 -set -eu -o pipefail - -readonly APORTSDIR=$CI_PROJECT_DIR -readonly REPOS="qubes/r4.1" -readonly ALPINE_REPOS="main community testing" -readonly ARCH=$(apk --print-arch) -# gitlab variables -readonly BASEBRANCH=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME - -: "${REPODEST:=$HOME/packages}" -: "${MIRROR:=https://lab.ilot.io/ayakael/repo-apk/-/raw}" -: "${ALPINE_MIRROR:=http://dl-cdn.alpinelinux.org/alpine}" -: "${MAX_ARTIFACT_SIZE:=300000000}" #300M -: "${CI_DEBUG_BUILD:=}" - -: "${CI_ALPINE_BUILD_OFFSET:=0}" -: "${CI_ALPINE_BUILD_LIMIT:=9999}" -: "${CI_ALPINE_TARGET_ARCH:=$(uname -m)}" - -msg() { - local color=${2:-green} - case "$color" in - red) color="31";; - green) color="32";; - yellow) color="33";; - blue) color="34";; - *) color="32";; - esac - printf "\033[1;%sm>>>\033[1;0m %s\n" "$color" "$1" | xargs >&2 -} - -verbose() { - echo "> " "$@" - # shellcheck disable=SC2068 - $@ -} - -debugging() { - [ -n "$CI_DEBUG_BUILD" ] -} - -debug() { - if debugging; then - verbose "$@" - fi -} - -die() { - msg "$1" red - exit 1 -} - -capture_stderr() { - "$@" 2>&1 -} - -report() { - report=$1 - - reportsdir=$APORTSDIR/logs/ - mkdir -p "$reportsdir" - - tee -a "$reportsdir/$report.log" -} - -get_release() { - local RELEASE=$(echo $CI_RUNNER_TAGS | awk -F '-' '{print $2}') - case $RELEASE in - v*) echo "${RELEASE%-*}";; - edge) echo edge;; - *) die "Branch \"$RELEASE\" not supported!" - esac -} - -get_qubes_release() { - case $BASEBRANCH in - r*) echo $BASEBRANCH;; - master) echo r4.2;; - *) die "Branch \"$BASEBRANCH\" not supported!" - esac -} - -build_aport() { - local repo="$1" aport="$2" - cd "$APORTSDIR/$aport" - if abuild -r 2>&1 | report "build-$aport"; then - checkapk | report "checkapk-$aport" || true - aport_ok="$aport_ok $aport" - else - aport_ng="$aport_ng $aport" - fi -} - -check_aport() { - local repo="$1" aport="$2" - cd "$APORTSDIR/$aport" - if ! abuild check_arch 2>/dev/null; then - aport_na="$aport_na $aport" - return 1 - fi -} - -set_repositories_for() { - local target_repo="$1" repos='' repo='' - local release - - release=$(get_release) - repos="$MIRROR/$release/qubes/$target_repo $REPODEST/qubes-aports" - sudo sh -c "printf '%s\n' $repos >> /etc/apk/repositories" - sudo apk update || true -} - -apply_offset_limit() { - start=$1 - limit=$2 - end=$((start+limit)) - - sed -n "$((start+1)),${end}p" -} - -setup_system() { - local repos='' repo='' - local release - - release=$(get_release) - for repo in $ALPINE_REPOS; do - [ "$release" != "edge" ] && [ "$repo" == "testing" ] && continue - repos="$repos $ALPINE_MIRROR/$release/$repo" - done - repos="$repos $MIRROR/$release/cross" - sudo sh -c "printf '%s\n' $repos > /etc/apk/repositories" - sudo apk -U upgrade -a || sudo apk fix || die "Failed to up/downgrade system" - gitlab_key_to_rsa $ABUILD_KEY rsa-private $HOME/.abuild/$ABUILD_KEY_NAME.rsa - gitlab_key_to_rsa $ABUILD_KEY_PUB rsa-public $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub - chmod 700 $HOME/.abuild/$ABUILD_KEY_NAME.rsa - echo "PACKAGER_PRIVKEY=$HOME/.abuild/$ABUILD_KEY_NAME.rsa" >> $HOME/.abuild/abuild.conf - sudo cp $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub /etc/apk/keys/$ABUILD_KEY_NAME.rsa.pub - - sudo sed -i -E 's/export JOBS=[0-9]+$/export JOBS=$(nproc)/' /etc/abuild.conf - ( . /etc/abuild.conf && echo "Building with $JOBS jobs" ) - mkdir -p "$REPODEST" - git config --global init.defaultBranch master -} - -sysinfo() { - printf ">>> Host system information (arch: %s, release: %s) <<<\n" "$ARCH" "$(get_release)" - printf "- Number of Cores: %s\n" "$(nproc)" - printf "- Memory: %s Gb\n" "$(awk '/^MemTotal/ {print ($2/1024/1024)}' /proc/meminfo)" - printf "- Free space: %s\n" "$(df -hP / | awk '/\/$/ {print $4}')" -} - -copy_artifacts() { - cd "$APORTSDIR" - - packages_size="$(du -sk "$REPODEST" | awk '{print $1 * 1024}')" - if [ -z "$packages_size" ]; then - return - fi - - echo "Artifact size: $packages_size bytes" - - mkdir -p keys/ packages/ - - if [ "$packages_size" -lt $MAX_ARTIFACT_SIZE ]; then - msg "Copying packages for artifact upload" - mkdir packages/$CI_ALPINE_TARGET_RELEASE - cp -ar "$REPODEST"/* packages/$CI_ALPINE_TARGET_RELEASE 2>/dev/null - cp ~/.abuild/*.rsa.pub keys/ - else - msg "Artifact size $packages_size larger than max ($MAX_ARTIFACT_SIZE), skipping uploading them" yellow - fi -} - -section_start setup "Setting up the system" collapse - -if debugging; then - set -x -fi - -aport_ok= -aport_na= -aport_ng= -failed= - -sysinfo || true -setup_system || die "Failed to setup system" - -# git no longer allows to execute in repositories owned by different users -sudo chown -R $USER: . - -fetch_flags="-qn" -debugging && fetch_flags="-v" - -git fetch $fetch_flags "$CI_MERGE_REQUEST_PROJECT_URL" \ - "+refs/heads/$BASEBRANCH:refs/heads/$BASEBRANCH" - -if debugging; then - merge_base=$(git merge-base "$BASEBRANCH" HEAD) || echo "Could not determine merge-base" - echo "Merge base: $merge_base" - git --version - git config -l - [ -n "$merge_base" ] && git tag -f merge-base "$merge_base" - git --no-pager log -200 --oneline --graph --decorate --all -fi - -section_end setup - -build_start=$CI_ALPINE_BUILD_OFFSET -build_limit=$CI_ALPINE_BUILD_LIMIT - -mkdir -p "$APORTSDIR"/logs "$APORTSDIR"/packages "$APORTSDIR"/keys -set_repositories_for $(get_qubes_release) -built_aports=0 -changed_aports_in_repo=$(changed_aports $BASEBRANCH) -changed_aports_in_repo_count=$(echo "$changed_aports_in_repo" | wc -l) -changed_aports_to_build=$(echo "$changed_aports_in_repo" | apply_offset_limit "$build_start" "$build_limit") - -msg "Changed aports:" -# shellcheck disable=SC2086 # Splitting is expected here -printf " - %s\n" $changed_aports_to_build -for pkgname in $changed_aports_to_build; do - section_start "build_$pkgname" "Building package $pkgname" - built_aports=$((built_aports+1)) - if check_aport qubes-aports "$pkgname"; then - build_aport qubes-aports "$pkgname" - fi - section_end "build_$pkgname" -done - -build_start=$((build_start-(changed_aports_in_repo_count-built_aports))) -build_limit=$((build_limit-built_aports)) - -if [ $build_limit -le 0 ]; then - msg "Limit reached, breaking" - break -fi - -section_start artifacts "Handeling artifacts" collapse -copy_artifacts || true -section_end artifacts - -section_start summary "Build summary" - -echo "### Build summary ###" - -for ok in $aport_ok; do - msg "$ok: build succesfully" -done - -for na in $aport_na; do - msg "$na: disabled for $CI_ALPINE_TARGET_ARCH" yellow -done - -for ng in $aport_ng; do - msg "$ng: build failed" red - failed=true -done -section_end summary - -if [ "$failed" = true ]; then - exit 1 -elif [ -z "$aport_ok" ]; then - msg "No packages found to be built." yellow -fi diff --git a/.gitlab/bin/changed-aports b/.gitlab/bin/changed-aports deleted file mode 100755 index 4541230..0000000 --- a/.gitlab/bin/changed-aports +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/sh - -if [ $# -lt 1 ]; then - echo "Usage: $0 " - exit 1 -fi - -if ! git rev-parse --is-inside-work-tree >/dev/null 2>&1; then - echo "Fatal: not inside a git repository" - exit 2 -fi - -basebranch=$1 - -if ! git rev-parse --verify --quiet $basebranch >/dev/null; then - # The base branch does not eixst, probably due to a shallow clone - git fetch -v $CI_MERGE_REQUEST_PROJECT_URL.git +refs/heads/$basebranch:refs/heads/$basebranch -fi - -git --no-pager diff --diff-filter=ACMR --name-only $basebranch...HEAD -- "*/APKBUILD" | xargs -r -n1 dirname diff --git a/.gitlab/bin/functions.sh b/.gitlab/bin/functions.sh deleted file mode 100755 index 3792bb7..0000000 --- a/.gitlab/bin/functions.sh +++ /dev/null @@ -1,63 +0,0 @@ -# shellcheck disable=SC3043 - -: - -# shellcheck disable=SC3040 -set -eu -o pipefail - -changed_aports() { - : "${APORTSDIR?APORTSDIR missing}" - : "${BASEBRANCH?BASEBRANCH missing}" - - cd "$APORTSDIR" - local repo="$1" - local aports - - aports=$(git diff --name-only --diff-filter=ACMR \ - "$BASEBRANCH"...HEAD -- "*/APKBUILD" | xargs -rn1 dirname) - - # shellcheck disable=2086 - ap builddirs -d "$APORTSDIR" $aports 2>/dev/null | xargs -rn1 basename -} - -section_start() { - name=${1?arg 1 name missing} - header=${2?arg 2 header missing} - collapsed=$2 - timestamp=$(date +%s) - - options="" - case $collapsed in - yes|on|collapsed|true) options="[collapsed=true]";; - esac - - printf "\e[0Ksection_start:%d:%s%s\r\e[0K%s\n" "$timestamp" "$name" "$options" "$header" -} - -section_end() { - name=$1 - timestamp=$(date +%s) - - printf "\e[0Ksection_end:%d:%s\r\e[0K" "$timestamp" "$name" -} - -gitlab_key_to_rsa() { - KEY=$1 - TYPE=$2 - TGT=$3 - TGT_DIR=${TGT%/*} - if [ "$TGT" == "$TGT_DIR" ]; then - TGT_DIR="./" - fi - if [ ! -d "$TGT_DIR" ]; then - mkdir -p "$TGT_DIR" - fi - case $TYPE in - rsa-public) local type="PUBLIC";; - rsa-private) local type="RSA PRIVATE";; - esac - echo "-----BEGIN $type KEY-----" > "$TGT" - echo $1 | sed 's/.\{64\}/&\ -/g' >> "$TGT" - echo "-----END $type KEY-----" >> "$TGT" -} diff --git a/.gitlab/bin/lint b/.gitlab/bin/lint deleted file mode 100755 index c1edcfb..0000000 --- a/.gitlab/bin/lint +++ /dev/null @@ -1,96 +0,0 @@ -#!/bin/sh - -BLUE="\e[34m" -MAGENTA="\e[35m" -RESET="\e[0m" - -readonly BASEBRANCH=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME - -verbose() { - echo "> " "$@" - # shellcheck disable=SC2068 - $@ -} - -debugging() { - [ -n "$CI_DEBUG_BUILD" ] -} - -debug() { - if debugging; then - verbose "$@" - fi -} - -# git no longer allows to execute in repositories owned by different users -sudo chown -R gitlab-runner: . - -fetch_flags="-qn" -debugging && fetch_flags="-v" - -git fetch $fetch_flags "$CI_MERGE_REQUEST_PROJECT_URL" \ - "+refs/heads/$BASEBRANCH:refs/heads/$BASEBRANCH" - -if debugging; then - merge_base=$(git merge-base "$BASEBRANCH" HEAD) - echo "$merge_base" - git --version - git config -l - git tag merge-base "$merge_base" || { echo "Could not determine merge-base"; exit 50; } - git log --oneline --graph --decorate --all -fi - -has_problems=0 - -for PKG in $(changed-aports "$BASEBRANCH"); do - printf "$BLUE==>$RESET Linting $PKG\n" - - ( - cd "$PKG" - - repo=$(basename $(dirname $PKG)); - - if [ "$repo" == "backports" ]; then - echo "Skipping $PKG as backports (we don't care)" - continue - fi - - printf "\n\n" - printf "$BLUE" - printf '======================================================\n' - printf " parse APKBUILD:\n" - printf '======================================================' - printf "$RESET\n\n" - ( . ./APKBUILD ) || has_problems=1 - - printf "\n\n" - printf "$BLUE" - printf '======================================================\n' - printf " abuild sanitycheck:\n" - printf '======================================================' - printf "$RESET\n\n" - abuild sanitycheck || has_problems=1 - - printf "\n\n" - printf "$BLUE" - printf '======================================================\n' - printf " apkbuild-shellcheck:\n" - printf '======================================================' - printf "$RESET\n" - apkbuild-shellcheck || has_problems=1 - - printf "\n\n" - printf "$BLUE" - printf '======================================================\n' - printf " apkbuild-lint:\n" - printf '======================================================' - printf "$RESET\n\n" - apkbuild-lint APKBUILD || has_problems=1 - - return $has_problems - ) || has_problems=1 - - echo -done - -exit $has_problems diff --git a/.gitlab/bin/push.sh b/.gitlab/bin/push.sh deleted file mode 100755 index 47185e7..0000000 --- a/.gitlab/bin/push.sh +++ /dev/null @@ -1,67 +0,0 @@ -#!/bin/sh - -# shellcheck disable=SC3043 - -. $CI_PROJECT_DIR/.gitlab/bin/functions.sh - -# shellcheck disable=SC3040 -set -eu -o pipefail - -readonly APORTSDIR=$CI_PROJECT_DIR -readonly REPOS="backports user" -readonly BASEBRANCH=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME - -export GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" - -gitlab_key_to_rsa $ABUILD_KEY rsa-private $HOME/.abuild/$ABUILD_KEY_NAME.rsa -gitlab_key_to_rsa $ABUILD_KEY_PUB rsa-public $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub -gitlab_key_to_rsa $SSH_KEY rsa-private $HOME/.ssh/id_rsa -chmod 700 "$HOME"/.ssh/id_rsa -chmod 700 "$HOME"/.abuild/$ABUILD_KEY_NAME.rsa - -echo "PACKAGER_PRIVKEY=$HOME/.abuild/$ABUILD_KEY_NAME.rsa" > $HOME/.abuild/abuild.conf -echo "REPODEST=$HOME/repo-apk/qubes" >> $HOME/.abuild/abuild.conf -sudo cp $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub /etc/apk/keys/. - -get_qubes_release() { - case $BASEBRANCH in - r*) echo $BASEBRANCH;; - master) echo r4.2;; - *) die "Branch \"$BASEBRANCH\" not supported!" - esac -} - -QUBES_REL=$(get_qubes_release) - -for release in $(find packages -type d -maxdepth 1 -mindepth 1 -printf '%f\n'); do - - if [ -d $HOME/repo-apk ]; then - git -C $HOME/repo-apk fetch - git -C $HOME/repo-apk checkout $release - git -C $HOME/repo-apk pull --rebase - else - git clone forgejo@ayakael.net:forge/repo-apk.git -b $BASEBRANCH $HOME/repo-apk - fi - - git -C $HOME/repo-apk annex sync --content - - for i in $(find packages/$release -type f -name "*.apk"); do - install -vDm644 $i ${i/packages\/$release\/qubes-aports/$HOME\/repo-apk\/qubes\/$QUBES_REL} - done - - fetch_flags="-qn" - git fetch $fetch_flags "$CI_MERGE_REQUEST_PROJECT_URL" \ - "+refs/heads/$BASEBRANCH:refs/heads/$BASEBRANCH" - - rm $HOME/repo-apk/qubes/$QUBES_REL/*/APKINDEX.tar.gz || true - mkdir -p qubes/$QUBES_REL/DUMMY - echo "pkgname=DUMMY" > qubes/$QUBES_REL/DUMMY/APKBUILD - cd qubes/$QUBES_REL/DUMMY - abuild index - cd "$CI_PROJECT_DIR" - rm -R qubes/$QUBES_REL/DUMMY - - git -C $HOME/repo-apk add . - git -C $HOME/repo-apk commit -m "Update from $CI_MERGE_REQUEST_IID - $CI_MERGE_REQUEST_TITLE" - git -C $HOME/repo-apk annex sync --content -done