Separate hardcoded values and add signing

This commit is contained in:
Davide Depau 2020-04-30 01:22:18 +02:00
parent 91648d180f
commit 1f80b91d07
No known key found for this signature in database
GPG key ID: F7F589B2907FBD24
2 changed files with 90 additions and 23 deletions

View file

@ -1,3 +1,5 @@
load('@lib//arch_pkg:settings.star', 'default_settings')
PLATFORMS = { PLATFORMS = {
'aarch64': {'os': 'linux', 'arch': 'arm64'}, 'aarch64': {'os': 'linux', 'arch': 'arm64'},
'x86_64': {'os': 'linux', 'arch': 'amd64'}, 'x86_64': {'os': 'linux', 'arch': 'amd64'},
@ -6,7 +8,6 @@ PLATFORMS = {
'i386': {'os': 'linux', 'arch': '386'}, 'i386': {'os': 'linux', 'arch': '386'},
'pentium4': {'os': 'linux', 'arch': '386'} 'pentium4': {'os': 'linux', 'arch': '386'}
} }
DOCKER_IMAGE = "depau/drone-makepkg:{arch}"
# For debugging purposes since Drone CLI won't print anything unless you # For debugging purposes since Drone CLI won't print anything unless you
# give it a somewhat valid pipeline # give it a somewhat valid pipeline
@ -18,10 +19,26 @@ def _debug_bogus(*a, **kw):
} }
def generate(config): def generate(config):
# "Unfreeze" config so we can add defaults and pass them around
_cfg = {}
_cfg.update(config)
config = _cfg
# Retrieve architectures with special configuration
special_archs = {arch: cfg for arch, cfg in config.items() if arch in PLATFORMS.keys()} special_archs = {arch: cfg for arch, cfg in config.items() if arch in PLATFORMS.keys()}
# Retrieve architectures with common configuration
others = config.get("all") or config.get("others") or None others = config.get("all") or config.get("others") or None
# Apply pipeline-specific settings on top of defaults, if any
settings = {}
settings.update(default_settings)
settings.update(config.get('settings', {}))
config['settings'] = settings
# Expand common config architectures into one dict, together with the
# special architectures
if others: if others:
# Ensure architectues are specified when using a generic config
if "arch_matrix" not in config: if "arch_matrix" not in config:
print("arch_matrix is required if all/others is defined") print("arch_matrix is required if all/others is defined")
return None return None
@ -42,6 +59,7 @@ def generate(config):
pipelines = [] pipelines = []
# Generate pipelines for every arch
for arch, archconfig in archs.items(): for arch, archconfig in archs.items():
pipelines.append(generate_pipeline(config, arch, archconfig)) pipelines.append(generate_pipeline(config, arch, archconfig))
@ -52,12 +70,14 @@ def generate(config):
def generate_pipeline(config, arch, archconfig): def generate_pipeline(config, arch, archconfig):
pipeline = { settings = config['settings']
'kind': 'pipeline',
'type': 'docker', pipeline = {}
pipeline.update(settings['pipeline'])
pipeline.update({
'name': arch, 'name': arch,
'platform': PLATFORMS[arch] 'platform': PLATFORMS[arch]
} })
steps = [] steps = []
@ -73,7 +93,7 @@ def generate_pipeline(config, arch, archconfig):
pull_set = False pull_set = False
for pkgconfig in archconfig: for pkgconfig in archconfig:
stepcfg = step_git(pkgconfig) if is_git(pkgconfig) else step_aur(pkgconfig) stepcfg = step_git(pkgconfig) if is_git(pkgconfig) else step_aur(pkgconfig)
stepcfg['image'] = DOCKER_IMAGE.format(arch=arch) stepcfg['image'] = settings['images']['build'].format(arch=arch)
if not pull_set: if not pull_set:
# Ensure the image is pulled in the first step # Ensure the image is pulled in the first step
@ -82,10 +102,14 @@ def generate_pipeline(config, arch, archconfig):
steps.append(stepcfg) steps.append(stepcfg)
steps += upload_steps(arch) # Add additional steps
for step in settings.get('additional_steps', []):
image = settings['images'][step].format(arch=arch)
step_fn = ADDITIONAL_STEPS[step]
steps.append(step_fn(image, arch, settings.get(step, {})))
if config.get('master_only', True):
# Allow builds only in the master branch by default # Allow builds only in the master branch by default
if config.get('master_only', True):
for step in steps: for step in steps:
step['when'] = {'branch': ['master']} step['when'] = {'branch': ['master']}
@ -147,19 +171,35 @@ def step_git(pkgconfig):
return None return None
# TODO: probably it's better not to hardcode everything here def sign_step(image, arch, settings):
def upload_steps(arch): step = {
return [{ 'name': 'sign',
'image': image,
'settings': {}
}
step['settings'].update(settings)
step['settings'].update({
'sign_dir': 'out'
})
return step
def upload_step(image, arch, settings):
step = {
'name': 'upload', 'name': 'upload',
'image': 'plugins/s3', 'image': image,
'settings': { 'settings': {}
'endpoint': 'https://objstor.depau.eu', }
'bucket': 'archlinux-packages', step['settings'].update(settings)
'access_key': {'from_secret': 'minio_user'}, step['settings'].update({
'secret_key': {'from_secret': 'minio_passwd'},
'source': 'out/*', 'source': 'out/*',
'target': '/' + arch, 'target': '/' + arch,
'strip_prefix': True, 'strip_prefix': True
'path_style': True })
} return step
}]
ADDITIONAL_STEPS = {
'sign': sign_step,
'upload': upload_step
}

27
settings.star Normal file
View file

@ -0,0 +1,27 @@
default_settings = {
'images': {
'build': "depau/drone-makepkg:{arch}",
'sign': "depau/drone-detach-sign:{arch}",
'upload': "plugins/s3"
},
'pipeline': {
'kind': 'pipeline',
'type': 'docker'
}
'additional_steps': ['sign', 'upload'],
'sign': {
'gpg_secret_key': {'from_secret': 'gpg_secret_key'},
'gpg_passphrase': {'from_secret': 'gpg_passphrase'}
},
'upload': {
'endpoint': 'https://objstor.depau.eu',
'bucket': 'archlinux-packages',
'access_key': {'from_secret': 'minio_user'},
'secret_key': {'from_secret': 'minio_passwd'},
'path_style': True
}
}