Separate hardcoded values and add signing

2020-04-30 01:22:18 +02:00 · 2020-04-30 01:22:18 +02:00 · 1f80b91d07
commit 1f80b91d07
parent 91648d180f
2 changed files with 90 additions and 23 deletions
--- a/helpers.star
+++ b/helpers.star
@ -1,3 +1,5 @@
+load('@lib//arch_pkg:settings.star', 'default_settings')
+
 PLATFORMS = {
    'aarch64':  {'os': 'linux', 'arch': 'arm64'},
    'x86_64':   {'os': 'linux', 'arch': 'amd64'},
@ -6,7 +8,6 @@ PLATFORMS = {
    'i386':     {'os': 'linux', 'arch': '386'},
    'pentium4': {'os': 'linux', 'arch': '386'}
 }
-DOCKER_IMAGE = "depau/drone-makepkg:{arch}"

 # For debugging purposes since Drone CLI won't print anything unless you
 # give it a somewhat valid pipeline
@ -18,10 +19,26 @@ def _debug_bogus(*a, **kw):
    } 

 def generate(config):
+    # "Unfreeze" config so we can add defaults and pass them around
+    _cfg = {}
+    _cfg.update(config)
+    config = _cfg
+
+    # Retrieve architectures with special configuration
    special_archs = {arch: cfg for arch, cfg in config.items() if arch in PLATFORMS.keys()}
+    # Retrieve architectures with common configuration
    others = config.get("all") or config.get("others") or None

+    # Apply pipeline-specific settings on top of defaults, if any
+    settings = {}
+    settings.update(default_settings)
+    settings.update(config.get('settings', {}))
+    config['settings'] = settings
+
+    # Expand common config architectures into one dict, together with the
+    # special architectures
    if others:
+        # Ensure architectues are specified when using a generic config
        if "arch_matrix" not in config:
            print("arch_matrix is required if all/others is defined")
            return None
@ -42,6 +59,7 @@ def generate(config):
    
    pipelines = []

+    # Generate pipelines for every arch
    for arch, archconfig in archs.items():
        pipelines.append(generate_pipeline(config, arch, archconfig))

@ -52,12 +70,14 @@ def generate(config):


 def generate_pipeline(config, arch, archconfig):
-    pipeline = {
-        'kind': 'pipeline',
-        'type': 'docker',
+    settings = config['settings']
+
+    pipeline = {}
+    pipeline.update(settings['pipeline'])
+    pipeline.update({
        'name': arch,
        'platform': PLATFORMS[arch]
-    }
+    })

    steps = []

@ -73,7 +93,7 @@ def generate_pipeline(config, arch, archconfig):
    pull_set = False
    for pkgconfig in archconfig:
        stepcfg = step_git(pkgconfig) if is_git(pkgconfig) else step_aur(pkgconfig)
-        stepcfg['image'] = DOCKER_IMAGE.format(arch=arch)
+        stepcfg['image'] = settings['images']['build'].format(arch=arch)

        if not pull_set:
            # Ensure the image is pulled in the first step
@ -82,10 +102,14 @@ def generate_pipeline(config, arch, archconfig):

        steps.append(stepcfg)

-    steps += upload_steps(arch)
+    # Add additional steps
+    for step in settings.get('additional_steps', []):
+        image = settings['images'][step].format(arch=arch)
+        step_fn = ADDITIONAL_STEPS[step]
+        steps.append(step_fn(image, arch, settings.get(step, {})))

-    if config.get('master_only', True):
    # Allow builds only in the master branch by default
+    if config.get('master_only', True):
        for step in steps:
            step['when'] = {'branch': ['master']}
    
@ -147,19 +171,35 @@ def step_git(pkgconfig):
        return None


-# TODO: probably it's better not to hardcode everything here
-def upload_steps(arch):
-    return [{
+def sign_step(image, arch, settings):
+    step = {
+        'name': 'sign',
+        'image': image,
+        'settings': {}
+    }
+    step['settings'].update(settings)
+    step['settings'].update({
+        'sign_dir': 'out'
+    })
+    return step
+
+
+def upload_step(image, arch, settings):
+    step = {
        'name': 'upload',
-        'image': 'plugins/s3',
-        'settings': {
-            'endpoint': 'https://objstor.depau.eu',
-            'bucket': 'archlinux-packages',
-            'access_key': {'from_secret': 'minio_user'},
-            'secret_key': {'from_secret': 'minio_passwd'},
+        'image': image,
+        'settings': {}
+    }
+    step['settings'].update(settings)
+    step['settings'].update({
        'source': 'out/*',
        'target': '/' + arch,
-            'strip_prefix': True,
-            'path_style': True
+        'strip_prefix': True
+    })
+    return step
+
+
+ADDITIONAL_STEPS = {
+    'sign': sign_step,
+    'upload': upload_step
 }
-    }]
--- a/settings.star
+++ b/settings.star
@ -0,0 +1,27 @@
+default_settings = {
+  'images': {
+    'build':  "depau/drone-makepkg:{arch}",
+    'sign':   "depau/drone-detach-sign:{arch}",
+    'upload': "plugins/s3"
+  },
+
+  'pipeline': {
+    'kind': 'pipeline',
+    'type': 'docker'
+  }
+ 
+  'additional_steps': ['sign', 'upload'],
+ 
+  'sign': {
+    'gpg_secret_key': {'from_secret': 'gpg_secret_key'},
+    'gpg_passphrase': {'from_secret': 'gpg_passphrase'}
+  },
+  
+  'upload': {
+    'endpoint': 'https://objstor.depau.eu',
+    'bucket': 'archlinux-packages',
+    'access_key': {'from_secret': 'minio_user'},
+    'secret_key': {'from_secret': 'minio_passwd'},
+    'path_style': True
+  }
+}