diff --git a/.forgejo/bin/deploy.sh b/.forgejo/bin/deploy.sh new file mode 100755 index 0000000..05de4d6 --- /dev/null +++ b/.forgejo/bin/deploy.sh @@ -0,0 +1,33 @@ +#!/bin/sh + +# shellcheck disable=SC3040 +set -eu -o pipefail + +readonly BASEBRANCH=$(grep PRETTY_NAME /etc/os-release | awk '{print $3}' | tr -d '"') +readonly TARGET_REPO=$CI_ALPINE_REPO + +get_qubes_release() { + case $GITHUB_BASE_REF in + r*) echo $GITHUB_BASE_REF;; + main) echo r4.3;; + esac +} + +readonly QUBES_REL=$(get_qubes_release) + +apkgs=$(find package -type f -name "*.apk") + +for apk in $apkgs; do + arch=$(echo $apk | awk -F '/' '{print $3}') + name=$(echo $apk | awk -F '/' '{print $4}') + + echo "Sending $name of arch $arch to $TARGET_REPO/$BASEBRANCH/qubes-$QUBES_REL" + return=$(curl -s --user $FORGE_REPO_USER:$FORGE_REPO_TOKEN --upload-file $apk $TARGET_REPO/$BASEBRANCH/qubes-$QUBES_REL 2>&1) + echo $return + if [ "$return" == "package file already exists" ]; then + echo "Package already exists, refreshing..." + curl -s --user $FORGE_REPO_USER:$FORGE_REPO_TOKEN -X DELETE $TARGET_REPO/$BASEBRANCH/qubes-$QUBES_REL/$arch/$name + curl -s --user $FORGE_REPO_USER:$FORGE_REPO_TOKEN --upload-file $apk $TARGET_REPO/$BASEBRANCH/qubes-$QUBES_REL + fi +done + diff --git a/.forgejo/patches/build.patch b/.forgejo/patches/build.patch new file mode 100644 index 0000000..eb17134 --- /dev/null +++ b/.forgejo/patches/build.patch @@ -0,0 +1,140 @@ +diff --git a/usr/local/bin/build.sh.orig b/usr/local/bin/build.sh +old mode 100644 +new mode 100755 +index c3b8f7a..0b1c9a5 +--- a/usr/local/bin/build.sh.orig ++++ b/usr/local/bin/build.sh +@@ -7,13 +7,14 @@ + set -eu -o pipefail + + readonly APORTSDIR=$CI_PROJECT_DIR +-readonly REPOS="main community testing non-free" ++readonly REPOS="main community testing" + readonly ARCH=$(apk --print-arch) + # gitlab variables + readonly BASEBRANCH=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME + + : "${REPODEST:=$HOME/packages}" +-: "${MIRROR:=https://dl-cdn.alpinelinux.org/alpine}" ++: "${MIRROR:=https://ayakael.net/api/packages/forge/alpine}" ++: "${ALPINE_MIRROR:=http://dl-cdn.alpinelinux.org/alpine}" + : "${MAX_ARTIFACT_SIZE:=300000000}" #300M + : "${CI_DEBUG_BUILD:=}" + +@@ -67,13 +68,32 @@ report() { + } + + get_release() { ++ echo $(grep PRETTY_NAME /etc/os-release | awk '{print $3}' | tr -d '"') ++} ++ ++ ++get_qubes_release() { + case $BASEBRANCH in +- *-stable) echo v"${BASEBRANCH%-*}";; +- master) echo edge;; +- *) die "Branch \"$BASEBRANCH\" not supported!" ++ r*) echo $BASEBRANCH;; ++ main) echo r4.3;; + esac + } + ++changed_aports() { ++ : "${APORTSDIR?APORTSDIR missing}" ++ : "${BASEBRANCH?BASEBRANCH missing}" ++ ++ cd "$APORTSDIR" ++ local aports ++ ++ aports=$(git diff --name-only --diff-filter=ACMR \ ++ "$BASEBRANCH"...HEAD -- "*/APKBUILD" | xargs -rn1 dirname) ++ ++ # shellcheck disable=2086 ++ ap builddirs -d "$APORTSDIR" $aports 2>/dev/null | xargs -rn1 basename ++} ++ ++ + build_aport() { + local repo="$1" aport="$2" + cd "$APORTSDIR/$repo/$aport" +@@ -99,13 +119,13 @@ set_repositories_for() { + local release + + release=$(get_release) +- for repo in $REPOS; do ++ for repo in qubes-$(get_qubes_release); do + [ "$repo" = "non-free" ] && continue +- [ "$release" != "edge" ] && [ "$repo" == "testing" ] && continue ++ [ "$release" == "edge" ] && [ "$repo" == "backports" ] && continue + repos="$repos $MIRROR/$release/$repo $REPODEST/$repo" + [ "$repo" = "$target_repo" ] && break + done +- doas sh -c "printf '%s\n' $repos > /etc/apk/repositories" ++ doas sh -c "printf '%s\n' $repos >> /etc/apk/repositories" + doas apk update + } + +@@ -118,7 +138,15 @@ apply_offset_limit() { + } + + setup_system() { +- doas sh -c "echo $MIRROR/$(get_release)/main > /etc/apk/repositories" ++ local repos='' repo='' ++ local release ++ ++ release=$(get_release) ++ for repo in $REPOS; do ++ [ "$release" != "edge" ] && [ "$repo" == "testing" ] && continue ++ repos="$repos $ALPINE_MIRROR/$release/$repo" ++ done ++ doas sh -c "printf '%s\n' $repos > /etc/apk/repositories" + doas apk -U upgrade -a || apk fix || die "Failed to up/downgrade system" + abuild-keygen -ain + doas sed -i -E 's/export JOBS=[0-9]+$/export JOBS=$(nproc)/' /etc/abuild.conf +@@ -192,32 +220,22 @@ section_end setup + build_start=$CI_ALPINE_BUILD_OFFSET + build_limit=$CI_ALPINE_BUILD_LIMIT + +-for repo in $(changed_repos); do +- set_repositories_for "$repo" +- built_aports=0 +- changed_aports_in_repo=$(changed_aports "$repo") +- changed_aports_in_repo_count=$(echo "$changed_aports_in_repo" | wc -l) +- changed_aports_to_build=$(echo "$changed_aports_in_repo" | apply_offset_limit "$build_start" "$build_limit") ++set_repositories_for $(get_qubes_release) ++built_aports=0 ++changed_aports_in_repo=$(changed_aports $BASEBRANCH) ++changed_aports_in_repo_count=$(echo "$changed_aports_in_repo" | wc -l) ++changed_aports_to_build=$(echo "$changed_aports_in_repo" | apply_offset_limit "$build_start" "$build_limit") + +- msg "Changed aports in $repo:" +- # shellcheck disable=SC2086 # Splitting is expected here +- printf " - %s\n" $changed_aports_to_build +- for pkgname in $changed_aports_to_build; do +- section_start "build_$pkgname" "Building package $pkgname" +- built_aports=$((built_aports+1)) +- if check_aport "$repo" "$pkgname"; then +- build_aport "$repo" "$pkgname" +- fi +- section_end "build_$pkgname" +- done +- +- build_start=$((build_start-(changed_aports_in_repo_count-built_aports))) +- build_limit=$((build_limit-built_aports)) +- +- if [ $build_limit -le 0 ]; then +- msg "Limit reached, breaking" +- break ++msg "Changed aports:" ++# shellcheck disable=SC2086 # Splitting is expected here ++printf " - %s\n" $changed_aports_to_build ++for pkgname in $changed_aports_to_build; do ++ section_start "build_$pkgname" "Building package $pkgname" ++ built_aports=$((built_aports+1)) ++ if check_aport . "$pkgname"; then ++ build_aport . "$pkgname" + fi ++ section_end "build_$pkgname" + done + + section_start artifacts "Handeling artifacts" collapse diff --git a/.forgejo/workflows/build-edge.yaml b/.forgejo/workflows/build-edge.yaml new file mode 100644 index 0000000..d077e49 --- /dev/null +++ b/.forgejo/workflows/build-edge.yaml @@ -0,0 +1,52 @@ +on: + pull_request: + types: [ assigned, opened, synchronize, reopened ] + +jobs: + build-edge: + runs-on: x86_64 + container: + image: alpinelinux/alpine-gitlab-ci:latest + env: + CI_PROJECT_DIR: ${{ github.workspace }} + CI_DEBUG_BUILD: ${{ runner.debug }} + CI_MERGE_REQUEST_PROJECT_URL: ${{ github.server_url }}/${{ github.repository }} + CI_MERGE_REQUEST_TARGET_BRANCH_NAME: ${{ github.base_ref }} + steps: + - name: Environment setup + run: | + doas apk add nodejs git patch curl + cd /etc/apk/keys + doas curl -JO https://ayakael.net/api/packages/forge/alpine/key + - name: Repo pull + uses: actions/checkout@v4 + with: + fetch-depth: 500 + - name: Package build + run: | + doas patch -d / -p1 -i ${{ github.workspace }}/.forgejo/patches/build.patch + build.sh + - name: Package upload + uses: forgejo/upload-artifact@v3 + with: + name: package + path: packages + + deploy-edge: + needs: [build-edge] + runs-on: x86_64 + container: + image: alpine:latest + env: + CI_ALPINE_REPO: 'https://ayakael.net/api/packages/forge/alpine' + FORGE_REPO_TOKEN: ${{ secrets.FORGE_REPO_TOKEN }} + FORGE_REPO_USER: ${{ vars.FORGE_REPO_USER }} + steps: + - name: Setting up environment + run: apk add nodejs curl findutils git gawk + - name: Repo pull + uses: actions/checkout@v4 + - name: Package download + uses: forgejo/download-artifact@v3 + - name: Package deployment + run: ${{ github.workspace }}/.forgejo/bin/deploy.sh diff --git a/.forgejo/workflows/lint.yaml b/.forgejo/workflows/lint.yaml new file mode 100644 index 0000000..3614deb --- /dev/null +++ b/.forgejo/workflows/lint.yaml @@ -0,0 +1,21 @@ +on: + pull_request: + types: [ assigned, opened, synchronize, reopened ] + +jobs: + lint: + run-name: lint + runs-on: x86_64 + container: + image: alpinelinux/apkbuild-lint-tools:latest + env: + CI_PROJECT_DIR: ${{ github.workspace }} + CI_DEBUG_BUILD: ${{ runner.debug }} + CI_MERGE_REQUEST_PROJECT_URL: ${{ github.server_url }}/${{ github.repository }} + CI_MERGE_REQUEST_TARGET_BRANCH_NAME: ${{ github.base_ref }} + steps: + - run: doas apk add nodejs git + - uses: actions/checkout@v4 + with: + fetch-depth: 500 + - run: lint diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml deleted file mode 100644 index 9fdf349..0000000 --- a/.gitlab-ci.yml +++ /dev/null @@ -1,80 +0,0 @@ -stages: - - verify - - build - - deploy - -variables: - GIT_STRATEGY: clone - GIT_DEPTH: "500" - -lint: - stage: verify - interruptible: true - script: - - | - sudo apk add shellcheck atools sudo abuild - export PATH="$PATH:$CI_PROJECT_DIR/.gitlab/bin" - lint - allow_failure: true - only: - - merge_requests - tags: - - apk-v3.18-x86_64 - -.build: - stage: build - interruptible: true - script: - - | - sudo apk add alpine-sdk lua-aports sudo - sudo addgroup $USER abuild - export PATH="$PATH:$CI_PROJECT_DIR/.gitlab/bin" - sudo -Eu $USER build.sh - artifacts: - paths: - - packages/ - - keys/ - - logs/ - expire_in: 7 days - only: - - merge_requests - -build-v3.19: - extends: .build - when: always - variables: - CI_ALPINE_TARGET_RELEASE: v3.19 - tags: - - apk-$CI_ALPINE_TARGET_RELEASE-x86_64 - -build-v3.20: - extends: .build - when: always - variables: - CI_ALPINE_TARGET_RELEASE: v3.20 - tags: - - apk-$CI_ALPINE_TARGET_RELEASE-x86_64 - -build-edge: - extends: .build - when: always - variables: - CI_ALPINE_TARGET_RELEASE: edge - tags: - - apk-$CI_ALPINE_TARGET_RELEASE-x86_64 - - -push: - interruptible: true - stage: deploy - script: - - | - sudo apk add abuild git-annex findutils - export PATH="$PATH:$CI_PROJECT_DIR/.gitlab/bin" - push.sh - rules: - - if: $CI_PIPELINE_SOURCE == "merge_request_event" - when: manual - tags: - - repo - diff --git a/.gitlab/bin/APKBUILD_SHIM b/.gitlab/bin/APKBUILD_SHIM deleted file mode 100755 index 76577ff..0000000 --- a/.gitlab/bin/APKBUILD_SHIM +++ /dev/null @@ -1,111 +0,0 @@ -#!/bin/sh - -set -e - -arch= -builddir= -checkdepends= -depends= -depends_dev= -depends_doc= -depends_libs= -depends_openrc= -depends_static= -install= -install_if= -langdir= -ldpath= -license= -makedepends= -makedepends_build= -makedepends_host= -md5sums= -options= -patch_args= -pkgbasedir= -pkgdesc= -pkgdir= -pkgname= -pkgrel= -pkgver= -pkggroups= -pkgusers= -provides= -provider_priority= -replaces= -sha256sums= -sha512sums= -sonameprefix= -source= -srcdir= -startdir= -subpackages= -subpkgdir= -subpkgname= -triggers= -url= - -# abuild.conf - -CFLAGS= -CXXFLAGS= -CPPFLAGS= -LDFLAGS= -JOBS= -MAKEFLAGS= -CMAKE_CROSSOPTS= - -. ./APKBUILD - -: "$arch" -: "$builddir" -: "$checkdepends" -: "$depends" -: "$depends_dev" -: "$depends_doc" -: "$depends_libs" -: "$depends_openrc" -: "$depends_static" -: "$install" -: "$install_if" -: "$langdir" -: "$ldpath" -: "$license" -: "$makedepends" -: "$makedepends_build" -: "$makedepends_host" -: "$md5sums" -: "$options" -: "$patch_args" -: "$pkgbasedir" -: "$pkgdesc" -: "$pkgdir" -: "$pkgname" -: "$pkgrel" -: "$pkgver" -: "$pkggroups" -: "$pkgusers" -: "$provides" -: "$provider_priority" -: "$replaces" -: "$sha256sums" -: "$sha512sums" -: "$sonameprefix" -: "$source" -: "$srcdir" -: "$startdir" -: "$subpackages" -: "$subpkgdir" -: "$subpkgname" -: "$triggers" -: "$url" - -# abuild.conf - -: "$CFLAGS" -: "$CXXFLAGS" -: "$CPPFLAGS" -: "$LDFLAGS" -: "$JOBS" -: "$MAKEFLAGS" -: "$CMAKE_CROSSOPTS" diff --git a/.gitlab/bin/apkbuild-shellcheck b/.gitlab/bin/apkbuild-shellcheck deleted file mode 100755 index 3126684..0000000 --- a/.gitlab/bin/apkbuild-shellcheck +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/sh - -shellcheck -s ash \ - -e SC3043 \ - -e SC3057 \ - -e SC3060 \ - -e SC2016 \ - -e SC2086 \ - -e SC2169 \ - -e SC2155 \ - -e SC2100 \ - -e SC2209 \ - -e SC2030 \ - -e SC2031 \ - -e SC1090 \ - -xa $CI_PROJECT_DIR/.gitlab/bin/APKBUILD_SHIM diff --git a/.gitlab/bin/build.sh b/.gitlab/bin/build.sh deleted file mode 100755 index 5905fbc..0000000 --- a/.gitlab/bin/build.sh +++ /dev/null @@ -1,270 +0,0 @@ -#!/bin/sh -# shellcheck disable=SC3043 - -. $CI_PROJECT_DIR/.gitlab/bin/functions.sh - -# shellcheck disable=SC3040 -set -eu -o pipefail - -readonly APORTSDIR=$CI_PROJECT_DIR -readonly REPOS="qubes/r4.1" -readonly ALPINE_REPOS="main community testing" -readonly ARCH=$(apk --print-arch) -# gitlab variables -readonly BASEBRANCH=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME - -: "${REPODEST:=$HOME/packages}" -: "${MIRROR:=https://lab.ilot.io/ayakael/repo-apk/-/raw}" -: "${ALPINE_MIRROR:=http://dl-cdn.alpinelinux.org/alpine}" -: "${MAX_ARTIFACT_SIZE:=300000000}" #300M -: "${CI_DEBUG_BUILD:=}" - -: "${CI_ALPINE_BUILD_OFFSET:=0}" -: "${CI_ALPINE_BUILD_LIMIT:=9999}" -: "${CI_ALPINE_TARGET_ARCH:=$(uname -m)}" - -msg() { - local color=${2:-green} - case "$color" in - red) color="31";; - green) color="32";; - yellow) color="33";; - blue) color="34";; - *) color="32";; - esac - printf "\033[1;%sm>>>\033[1;0m %s\n" "$color" "$1" | xargs >&2 -} - -verbose() { - echo "> " "$@" - # shellcheck disable=SC2068 - $@ -} - -debugging() { - [ -n "$CI_DEBUG_BUILD" ] -} - -debug() { - if debugging; then - verbose "$@" - fi -} - -die() { - msg "$1" red - exit 1 -} - -capture_stderr() { - "$@" 2>&1 -} - -report() { - report=$1 - - reportsdir=$APORTSDIR/logs/ - mkdir -p "$reportsdir" - - tee -a "$reportsdir/$report.log" -} - -get_release() { - local RELEASE=$(echo $CI_RUNNER_TAGS | awk -F '-' '{print $2}') - case $RELEASE in - v*) echo "${RELEASE%-*}";; - edge) echo edge;; - *) die "Branch \"$RELEASE\" not supported!" - esac -} - -get_qubes_release() { - case $BASEBRANCH in - r*) echo $BASEBRANCH;; - master) echo r4.2;; - *) die "Branch \"$BASEBRANCH\" not supported!" - esac -} - -build_aport() { - local repo="$1" aport="$2" - cd "$APORTSDIR/$aport" - if abuild -r 2>&1 | report "build-$aport"; then - checkapk | report "checkapk-$aport" || true - aport_ok="$aport_ok $aport" - else - aport_ng="$aport_ng $aport" - fi -} - -check_aport() { - local repo="$1" aport="$2" - cd "$APORTSDIR/$aport" - if ! abuild check_arch 2>/dev/null; then - aport_na="$aport_na $aport" - return 1 - fi -} - -set_repositories_for() { - local target_repo="$1" repos='' repo='' - local release - - release=$(get_release) - repos="$MIRROR/$release/qubes/$target_repo $REPODEST/qubes-aports" - sudo sh -c "printf '%s\n' $repos >> /etc/apk/repositories" - sudo apk update || true -} - -apply_offset_limit() { - start=$1 - limit=$2 - end=$((start+limit)) - - sed -n "$((start+1)),${end}p" -} - -setup_system() { - local repos='' repo='' - local release - - release=$(get_release) - for repo in $ALPINE_REPOS; do - [ "$release" != "edge" ] && [ "$repo" == "testing" ] && continue - repos="$repos $ALPINE_MIRROR/$release/$repo" - done - repos="$repos $MIRROR/$release/cross" - sudo sh -c "printf '%s\n' $repos > /etc/apk/repositories" - sudo apk -U upgrade -a || sudo apk fix || die "Failed to up/downgrade system" - gitlab_key_to_rsa $ABUILD_KEY rsa-private $HOME/.abuild/$ABUILD_KEY_NAME.rsa - gitlab_key_to_rsa $ABUILD_KEY_PUB rsa-public $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub - chmod 700 $HOME/.abuild/$ABUILD_KEY_NAME.rsa - echo "PACKAGER_PRIVKEY=$HOME/.abuild/$ABUILD_KEY_NAME.rsa" >> $HOME/.abuild/abuild.conf - sudo cp $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub /etc/apk/keys/$ABUILD_KEY_NAME.rsa.pub - - sudo sed -i -E 's/export JOBS=[0-9]+$/export JOBS=$(nproc)/' /etc/abuild.conf - ( . /etc/abuild.conf && echo "Building with $JOBS jobs" ) - mkdir -p "$REPODEST" - git config --global init.defaultBranch master -} - -sysinfo() { - printf ">>> Host system information (arch: %s, release: %s) <<<\n" "$ARCH" "$(get_release)" - printf "- Number of Cores: %s\n" "$(nproc)" - printf "- Memory: %s Gb\n" "$(awk '/^MemTotal/ {print ($2/1024/1024)}' /proc/meminfo)" - printf "- Free space: %s\n" "$(df -hP / | awk '/\/$/ {print $4}')" -} - -copy_artifacts() { - cd "$APORTSDIR" - - packages_size="$(du -sk "$REPODEST" | awk '{print $1 * 1024}')" - if [ -z "$packages_size" ]; then - return - fi - - echo "Artifact size: $packages_size bytes" - - mkdir -p keys/ packages/ - - if [ "$packages_size" -lt $MAX_ARTIFACT_SIZE ]; then - msg "Copying packages for artifact upload" - mkdir packages/$CI_ALPINE_TARGET_RELEASE - cp -ar "$REPODEST"/* packages/$CI_ALPINE_TARGET_RELEASE 2>/dev/null - cp ~/.abuild/*.rsa.pub keys/ - else - msg "Artifact size $packages_size larger than max ($MAX_ARTIFACT_SIZE), skipping uploading them" yellow - fi -} - -section_start setup "Setting up the system" collapse - -if debugging; then - set -x -fi - -aport_ok= -aport_na= -aport_ng= -failed= - -sysinfo || true -setup_system || die "Failed to setup system" - -# git no longer allows to execute in repositories owned by different users -sudo chown -R $USER: . - -fetch_flags="-qn" -debugging && fetch_flags="-v" - -git fetch $fetch_flags "$CI_MERGE_REQUEST_PROJECT_URL" \ - "+refs/heads/$BASEBRANCH:refs/heads/$BASEBRANCH" - -if debugging; then - merge_base=$(git merge-base "$BASEBRANCH" HEAD) || echo "Could not determine merge-base" - echo "Merge base: $merge_base" - git --version - git config -l - [ -n "$merge_base" ] && git tag -f merge-base "$merge_base" - git --no-pager log -200 --oneline --graph --decorate --all -fi - -section_end setup - -build_start=$CI_ALPINE_BUILD_OFFSET -build_limit=$CI_ALPINE_BUILD_LIMIT - -mkdir -p "$APORTSDIR"/logs "$APORTSDIR"/packages "$APORTSDIR"/keys -set_repositories_for $(get_qubes_release) -built_aports=0 -changed_aports_in_repo=$(changed_aports $BASEBRANCH) -changed_aports_in_repo_count=$(echo "$changed_aports_in_repo" | wc -l) -changed_aports_to_build=$(echo "$changed_aports_in_repo" | apply_offset_limit "$build_start" "$build_limit") - -msg "Changed aports:" -# shellcheck disable=SC2086 # Splitting is expected here -printf " - %s\n" $changed_aports_to_build -for pkgname in $changed_aports_to_build; do - section_start "build_$pkgname" "Building package $pkgname" - built_aports=$((built_aports+1)) - if check_aport qubes-aports "$pkgname"; then - build_aport qubes-aports "$pkgname" - fi - section_end "build_$pkgname" -done - -build_start=$((build_start-(changed_aports_in_repo_count-built_aports))) -build_limit=$((build_limit-built_aports)) - -if [ $build_limit -le 0 ]; then - msg "Limit reached, breaking" - break -fi - -section_start artifacts "Handeling artifacts" collapse -copy_artifacts || true -section_end artifacts - -section_start summary "Build summary" - -echo "### Build summary ###" - -for ok in $aport_ok; do - msg "$ok: build succesfully" -done - -for na in $aport_na; do - msg "$na: disabled for $CI_ALPINE_TARGET_ARCH" yellow -done - -for ng in $aport_ng; do - msg "$ng: build failed" red - failed=true -done -section_end summary - -if [ "$failed" = true ]; then - exit 1 -elif [ -z "$aport_ok" ]; then - msg "No packages found to be built." yellow -fi diff --git a/.gitlab/bin/changed-aports b/.gitlab/bin/changed-aports deleted file mode 100755 index 4541230..0000000 --- a/.gitlab/bin/changed-aports +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/sh - -if [ $# -lt 1 ]; then - echo "Usage: $0 " - exit 1 -fi - -if ! git rev-parse --is-inside-work-tree >/dev/null 2>&1; then - echo "Fatal: not inside a git repository" - exit 2 -fi - -basebranch=$1 - -if ! git rev-parse --verify --quiet $basebranch >/dev/null; then - # The base branch does not eixst, probably due to a shallow clone - git fetch -v $CI_MERGE_REQUEST_PROJECT_URL.git +refs/heads/$basebranch:refs/heads/$basebranch -fi - -git --no-pager diff --diff-filter=ACMR --name-only $basebranch...HEAD -- "*/APKBUILD" | xargs -r -n1 dirname diff --git a/.gitlab/bin/functions.sh b/.gitlab/bin/functions.sh deleted file mode 100755 index 3792bb7..0000000 --- a/.gitlab/bin/functions.sh +++ /dev/null @@ -1,63 +0,0 @@ -# shellcheck disable=SC3043 - -: - -# shellcheck disable=SC3040 -set -eu -o pipefail - -changed_aports() { - : "${APORTSDIR?APORTSDIR missing}" - : "${BASEBRANCH?BASEBRANCH missing}" - - cd "$APORTSDIR" - local repo="$1" - local aports - - aports=$(git diff --name-only --diff-filter=ACMR \ - "$BASEBRANCH"...HEAD -- "*/APKBUILD" | xargs -rn1 dirname) - - # shellcheck disable=2086 - ap builddirs -d "$APORTSDIR" $aports 2>/dev/null | xargs -rn1 basename -} - -section_start() { - name=${1?arg 1 name missing} - header=${2?arg 2 header missing} - collapsed=$2 - timestamp=$(date +%s) - - options="" - case $collapsed in - yes|on|collapsed|true) options="[collapsed=true]";; - esac - - printf "\e[0Ksection_start:%d:%s%s\r\e[0K%s\n" "$timestamp" "$name" "$options" "$header" -} - -section_end() { - name=$1 - timestamp=$(date +%s) - - printf "\e[0Ksection_end:%d:%s\r\e[0K" "$timestamp" "$name" -} - -gitlab_key_to_rsa() { - KEY=$1 - TYPE=$2 - TGT=$3 - TGT_DIR=${TGT%/*} - if [ "$TGT" == "$TGT_DIR" ]; then - TGT_DIR="./" - fi - if [ ! -d "$TGT_DIR" ]; then - mkdir -p "$TGT_DIR" - fi - case $TYPE in - rsa-public) local type="PUBLIC";; - rsa-private) local type="RSA PRIVATE";; - esac - echo "-----BEGIN $type KEY-----" > "$TGT" - echo $1 | sed 's/.\{64\}/&\ -/g' >> "$TGT" - echo "-----END $type KEY-----" >> "$TGT" -} diff --git a/.gitlab/bin/lint b/.gitlab/bin/lint deleted file mode 100755 index c1edcfb..0000000 --- a/.gitlab/bin/lint +++ /dev/null @@ -1,96 +0,0 @@ -#!/bin/sh - -BLUE="\e[34m" -MAGENTA="\e[35m" -RESET="\e[0m" - -readonly BASEBRANCH=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME - -verbose() { - echo "> " "$@" - # shellcheck disable=SC2068 - $@ -} - -debugging() { - [ -n "$CI_DEBUG_BUILD" ] -} - -debug() { - if debugging; then - verbose "$@" - fi -} - -# git no longer allows to execute in repositories owned by different users -sudo chown -R gitlab-runner: . - -fetch_flags="-qn" -debugging && fetch_flags="-v" - -git fetch $fetch_flags "$CI_MERGE_REQUEST_PROJECT_URL" \ - "+refs/heads/$BASEBRANCH:refs/heads/$BASEBRANCH" - -if debugging; then - merge_base=$(git merge-base "$BASEBRANCH" HEAD) - echo "$merge_base" - git --version - git config -l - git tag merge-base "$merge_base" || { echo "Could not determine merge-base"; exit 50; } - git log --oneline --graph --decorate --all -fi - -has_problems=0 - -for PKG in $(changed-aports "$BASEBRANCH"); do - printf "$BLUE==>$RESET Linting $PKG\n" - - ( - cd "$PKG" - - repo=$(basename $(dirname $PKG)); - - if [ "$repo" == "backports" ]; then - echo "Skipping $PKG as backports (we don't care)" - continue - fi - - printf "\n\n" - printf "$BLUE" - printf '======================================================\n' - printf " parse APKBUILD:\n" - printf '======================================================' - printf "$RESET\n\n" - ( . ./APKBUILD ) || has_problems=1 - - printf "\n\n" - printf "$BLUE" - printf '======================================================\n' - printf " abuild sanitycheck:\n" - printf '======================================================' - printf "$RESET\n\n" - abuild sanitycheck || has_problems=1 - - printf "\n\n" - printf "$BLUE" - printf '======================================================\n' - printf " apkbuild-shellcheck:\n" - printf '======================================================' - printf "$RESET\n" - apkbuild-shellcheck || has_problems=1 - - printf "\n\n" - printf "$BLUE" - printf '======================================================\n' - printf " apkbuild-lint:\n" - printf '======================================================' - printf "$RESET\n\n" - apkbuild-lint APKBUILD || has_problems=1 - - return $has_problems - ) || has_problems=1 - - echo -done - -exit $has_problems diff --git a/.gitlab/bin/push.sh b/.gitlab/bin/push.sh deleted file mode 100755 index 47185e7..0000000 --- a/.gitlab/bin/push.sh +++ /dev/null @@ -1,67 +0,0 @@ -#!/bin/sh - -# shellcheck disable=SC3043 - -. $CI_PROJECT_DIR/.gitlab/bin/functions.sh - -# shellcheck disable=SC3040 -set -eu -o pipefail - -readonly APORTSDIR=$CI_PROJECT_DIR -readonly REPOS="backports user" -readonly BASEBRANCH=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME - -export GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" - -gitlab_key_to_rsa $ABUILD_KEY rsa-private $HOME/.abuild/$ABUILD_KEY_NAME.rsa -gitlab_key_to_rsa $ABUILD_KEY_PUB rsa-public $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub -gitlab_key_to_rsa $SSH_KEY rsa-private $HOME/.ssh/id_rsa -chmod 700 "$HOME"/.ssh/id_rsa -chmod 700 "$HOME"/.abuild/$ABUILD_KEY_NAME.rsa - -echo "PACKAGER_PRIVKEY=$HOME/.abuild/$ABUILD_KEY_NAME.rsa" > $HOME/.abuild/abuild.conf -echo "REPODEST=$HOME/repo-apk/qubes" >> $HOME/.abuild/abuild.conf -sudo cp $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub /etc/apk/keys/. - -get_qubes_release() { - case $BASEBRANCH in - r*) echo $BASEBRANCH;; - master) echo r4.2;; - *) die "Branch \"$BASEBRANCH\" not supported!" - esac -} - -QUBES_REL=$(get_qubes_release) - -for release in $(find packages -type d -maxdepth 1 -mindepth 1 -printf '%f\n'); do - - if [ -d $HOME/repo-apk ]; then - git -C $HOME/repo-apk fetch - git -C $HOME/repo-apk checkout $release - git -C $HOME/repo-apk pull --rebase - else - git clone forgejo@ayakael.net:forge/repo-apk.git -b $BASEBRANCH $HOME/repo-apk - fi - - git -C $HOME/repo-apk annex sync --content - - for i in $(find packages/$release -type f -name "*.apk"); do - install -vDm644 $i ${i/packages\/$release\/qubes-aports/$HOME\/repo-apk\/qubes\/$QUBES_REL} - done - - fetch_flags="-qn" - git fetch $fetch_flags "$CI_MERGE_REQUEST_PROJECT_URL" \ - "+refs/heads/$BASEBRANCH:refs/heads/$BASEBRANCH" - - rm $HOME/repo-apk/qubes/$QUBES_REL/*/APKINDEX.tar.gz || true - mkdir -p qubes/$QUBES_REL/DUMMY - echo "pkgname=DUMMY" > qubes/$QUBES_REL/DUMMY/APKBUILD - cd qubes/$QUBES_REL/DUMMY - abuild index - cd "$CI_PROJECT_DIR" - rm -R qubes/$QUBES_REL/DUMMY - - git -C $HOME/repo-apk add . - git -C $HOME/repo-apk commit -m "Update from $CI_MERGE_REQUEST_IID - $CI_MERGE_REQUEST_TITLE" - git -C $HOME/repo-apk annex sync --content -done diff --git a/qubes-input-proxy/APKBUILD b/qubes-input-proxy/APKBUILD index d32f375..ead9d80 100644 --- a/qubes-input-proxy/APKBUILD +++ b/qubes-input-proxy/APKBUILD @@ -3,7 +3,7 @@ pkgname=qubes-input-proxy pkgver=1.0.37 _gittag=v$pkgver -pkgrel=1 +pkgrel=2 pkgdesc="The Qubes service for proxying input devices" arch="x86_64" url="http://qubes-os.org/" diff --git a/qubes-vm-utils/APKBUILD b/qubes-vm-utils/APKBUILD index 70bc8e2..b0e59e1 100644 --- a/qubes-vm-utils/APKBUILD +++ b/qubes-vm-utils/APKBUILD @@ -7,7 +7,7 @@ subpackages=" $pkgname-pyc " pkgver=4.3.3 -pkgrel=0 +pkgrel=1 _gittag="v$pkgver" pkgdesc="Common Linux files for Qubes VM." arch="x86_64"