From d19fb7b7f17fd2a52b1e590c12689751f86b1183 Mon Sep 17 00:00:00 2001 From: Hussein Galal Date: Mon, 8 Jul 2024 19:55:38 +0300 Subject: [PATCH] GHA Migration (#71) * Remove drone Signed-off-by: galal-hussein * Add GHA for centos7 Signed-off-by: galal-hussein * Add the rest of distros Signed-off-by: galal-hussein * More fixes Signed-off-by: galal-hussein * Use vault's secrets Signed-off-by: galal-hussein --------- Signed-off-by: galal-hussein --- .drone.yml | 450 ---------------------------- .github/workflows/build.yml | 55 ++++ .github/workflows/release.yml | 262 ++++++++++++++++ Dockerfile.centos7.dapper | 5 +- Dockerfile.centos8.dapper | 4 +- Dockerfile.centos9.dapper | 4 +- Dockerfile.microos.dapper | 2 +- Dockerfile.slemicro.dapper | 2 +- Makefile | 25 +- policy/centos7/scripts/checksum | 22 ++ policy/centos7/scripts/sign | 9 + policy/centos7/scripts/upload-repo | 8 +- policy/centos8/scripts/checksum | 22 ++ policy/centos8/scripts/sign | 9 + policy/centos8/scripts/upload-repo | 8 +- policy/centos9/scripts/checksum | 22 ++ policy/centos9/scripts/sign | 9 + policy/centos9/scripts/upload-repo | 8 +- policy/microos/scripts/checksum | 22 ++ policy/microos/scripts/sign | 9 + policy/microos/scripts/upload-repo | 8 +- policy/slemicro/scripts/checksum | 22 ++ policy/slemicro/scripts/sign | 11 +- policy/slemicro/scripts/upload-repo | 8 +- 24 files changed, 518 insertions(+), 488 deletions(-) delete mode 100644 .drone.yml create mode 100644 .github/workflows/build.yml create mode 100644 .github/workflows/release.yml create mode 100755 policy/centos7/scripts/checksum create mode 100755 policy/centos8/scripts/checksum create mode 100755 policy/centos9/scripts/checksum create mode 100755 policy/microos/scripts/checksum create mode 100755 policy/slemicro/scripts/checksum diff --git a/.drone.yml b/.drone.yml deleted file mode 100644 index ac25d10..0000000 --- a/.drone.yml +++ /dev/null 
@@ -1,450 +0,0 @@ ---- -kind: pipeline -name: RPM Build EL7 - -platform: - os: linux - arch: amd64 - -steps: - - name: Build EL7 - image: rancher/dapper:v0.6.0 - commands: - - dapper -f Dockerfile.centos7.dapper policy/centos7/scripts/build - volumes: - - name: docker - path: /var/run/docker.sock - - - name: Sign RPM EL7 - image: centos:7 - environment: - PRIVATE_KEY: - from_secret: private_key - PRIVATE_KEY_PASS_PHRASE: - from_secret: private_key_pass_phrase - TESTING_PRIVATE_KEY: - from_secret: testing_private_key - TESTING_PRIVATE_KEY_PASS_PHRASE: - from_secret: testing_private_key_pass_phrase - commands: - - policy/centos7/scripts/sign - when: - instance: - - drone-publish.rancher.io - ref: - - refs/head/master - - refs/tags/* - event: - - tag - - - name: Yum Repo Upload EL7 - image: centos:7 - environment: - AWS_S3_BUCKET: - from_secret: aws_s3_bucket - AWS_ACCESS_KEY_ID: - from_secret: aws_access_key_id - AWS_SECRET_ACCESS_KEY: - from_secret: aws_secret_access_key - TESTING_AWS_S3_BUCKET: - from_secret: testing_aws_s3_bucket - TESTING_AWS_ACCESS_KEY_ID: - from_secret: testing_aws_access_key_id - TESTING_AWS_SECRET_ACCESS_KEY: - from_secret: testing_aws_secret_access_key - commands: - - policy/centos7/scripts/upload-repo - when: - instance: - - drone-publish.rancher.io - ref: - - refs/head/master - - refs/tags/* - event: - - tag - - - name: GitHub Release EL7 - image: plugins/github-release - settings: - api_key: - from_secret: github_token - prerelease: true - checksum: - - sha256 - checksum_file: CHECKSUMsum-centos7-noarch.txt - checksum_flatten: true - files: - - "dist/centos7/**/*.rpm" - when: - instance: - - drone-publish.rancher.io - ref: - - refs/head/master - - refs/tags/* - event: - - tag - -volumes: - - name: docker - host: - path: /var/run/docker.sock ---- -kind: pipeline -name: RPM Build EL8 - -platform: - os: linux - arch: amd64 - -steps: - - name: Build EL8 - image: rancher/dapper:v0.6.0 - commands: - - dapper -f Dockerfile.centos8.dapper 
policy/centos8/scripts/build - volumes: - - name: docker - path: /var/run/docker.sock - - - name: Sign RPM EL8 - image: centos:7 - environment: - PRIVATE_KEY: - from_secret: private_key - PRIVATE_KEY_PASS_PHRASE: - from_secret: private_key_pass_phrase - TESTING_PRIVATE_KEY: - from_secret: testing_private_key - TESTING_PRIVATE_KEY_PASS_PHRASE: - from_secret: testing_private_key_pass_phrase - commands: - - policy/centos8/scripts/sign - when: - instance: - - drone-publish.rancher.io - ref: - - refs/head/master - - refs/tags/* - event: - - tag - - - name: Yum Repo Upload EL8 - image: centos:7 - environment: - AWS_S3_BUCKET: - from_secret: aws_s3_bucket - AWS_ACCESS_KEY_ID: - from_secret: aws_access_key_id - AWS_SECRET_ACCESS_KEY: - from_secret: aws_secret_access_key - TESTING_AWS_S3_BUCKET: - from_secret: testing_aws_s3_bucket - TESTING_AWS_ACCESS_KEY_ID: - from_secret: testing_aws_access_key_id - TESTING_AWS_SECRET_ACCESS_KEY: - from_secret: testing_aws_secret_access_key - commands: - - policy/centos8/scripts/upload-repo - when: - instance: - - drone-publish.rancher.io - ref: - - refs/head/master - - refs/tags/* - event: - - tag - - - name: GitHub Release EL8 - image: plugins/github-release - settings: - api_key: - from_secret: github_token - prerelease: true - checksum: - - sha256 - checksum_file: CHECKSUMsum-centos8-noarch.txt - checksum_flatten: true - files: - - "dist/centos8/**/*.rpm" - when: - instance: - - drone-publish.rancher.io - ref: - - refs/head/master - - refs/tags/* - event: - - tag - -volumes: - - name: docker - host: - path: /var/run/docker.sock ---- -kind: pipeline -name: RPM Build EL9 - -platform: - os: linux - arch: amd64 - -steps: - - name: Build EL9 - image: rancher/dapper:v0.6.0 - commands: - - dapper -f Dockerfile.centos9.dapper policy/centos9/scripts/build - volumes: - - name: docker - path: /var/run/docker.sock - - - name: Sign RPM EL9 - image: centos:7 - environment: - PRIVATE_KEY: - from_secret: private_key - PRIVATE_KEY_PASS_PHRASE: - 
from_secret: private_key_pass_phrase - TESTING_PRIVATE_KEY: - from_secret: testing_private_key - TESTING_PRIVATE_KEY_PASS_PHRASE: - from_secret: testing_private_key_pass_phrase - commands: - - policy/centos9/scripts/sign - when: - instance: - - drone-publish.rancher.io - ref: - - refs/head/master - - refs/tags/* - event: - - tag - - - name: Yum Repo Upload EL9 - image: centos:7 - environment: - AWS_S3_BUCKET: - from_secret: aws_s3_bucket - AWS_ACCESS_KEY_ID: - from_secret: aws_access_key_id - AWS_SECRET_ACCESS_KEY: - from_secret: aws_secret_access_key - TESTING_AWS_S3_BUCKET: - from_secret: testing_aws_s3_bucket - TESTING_AWS_ACCESS_KEY_ID: - from_secret: testing_aws_access_key_id - TESTING_AWS_SECRET_ACCESS_KEY: - from_secret: testing_aws_secret_access_key - commands: - - policy/centos9/scripts/upload-repo - when: - instance: - - drone-publish.rancher.io - ref: - - refs/head/master - - refs/tags/* - event: - - tag - - - name: GitHub Release EL9 - image: plugins/github-release - settings: - api_key: - from_secret: github_token - prerelease: true - checksum: - - sha256 - checksum_file: CHECKSUMsum-centos9-noarch.txt - checksum_flatten: true - files: - - "dist/centos9/**/*.rpm" - when: - instance: - - drone-publish.rancher.io - ref: - - refs/head/master - - refs/tags/* - event: - - tag - -volumes: - - name: docker - host: - path: /var/run/docker.sock ---- -kind: pipeline -name: RPM Build SLE - -platform: - os: linux - arch: amd64 - -steps: - - name: Build SLE - image: rancher/dapper:v0.6.0 - commands: - - dapper -f Dockerfile.microos.dapper policy/microos/scripts/build - volumes: - - name: docker - path: /var/run/docker.sock - - - name: Sign RPM SLE - image: centos:7 - environment: - PRIVATE_KEY: - from_secret: private_key - PRIVATE_KEY_PASS_PHRASE: - from_secret: private_key_pass_phrase - TESTING_PRIVATE_KEY: - from_secret: testing_private_key - TESTING_PRIVATE_KEY_PASS_PHRASE: - from_secret: testing_private_key_pass_phrase - commands: - - 
policy/microos/scripts/sign - when: - instance: - - drone-publish.rancher.io - ref: - - refs/head/master - - refs/tags/* - event: - - tag - - - name: Yum Repo Upload SLE - image: centos:7 - environment: - AWS_S3_BUCKET: - from_secret: aws_s3_bucket - AWS_ACCESS_KEY_ID: - from_secret: aws_access_key_id - AWS_SECRET_ACCESS_KEY: - from_secret: aws_secret_access_key - TESTING_AWS_S3_BUCKET: - from_secret: testing_aws_s3_bucket - TESTING_AWS_ACCESS_KEY_ID: - from_secret: testing_aws_access_key_id - TESTING_AWS_SECRET_ACCESS_KEY: - from_secret: testing_aws_secret_access_key - commands: - - policy/microos/scripts/upload-repo - when: - instance: - - drone-publish.rancher.io - ref: - - refs/head/master - - refs/tags/* - event: - - tag - - - name: GitHub Release SLE - image: plugins/github-release - settings: - api_key: - from_secret: github_token - prerelease: true - checksum: - - sha256 - checksum_file: CHECKSUMsum-microos-noarch.txt - checksum_flatten: true - files: - - "dist/microos/**/*.rpm" - when: - instance: - - drone-publish.rancher.io - ref: - - refs/head/master - - refs/tags/* - event: - - tag - -volumes: - - name: docker - host: - path: /var/run/docker.sock ---- -kind: pipeline -name: RPM Build SLE MICRO - -platform: - os: linux - arch: amd64 - -steps: - - name: Build SLE MICRO - image: rancher/dapper:v0.6.0 - commands: - - dapper -f Dockerfile.slemicro.dapper policy/slemicro/scripts/build - volumes: - - name: docker - path: /var/run/docker.sock - - - name: Sign RPM SLE MICRO - image: centos:7 - environment: - PRIVATE_KEY: - from_secret: private_key - PRIVATE_KEY_PASS_PHRASE: - from_secret: private_key_pass_phrase - TESTING_PRIVATE_KEY: - from_secret: testing_private_key - TESTING_PRIVATE_KEY_PASS_PHRASE: - from_secret: testing_private_key_pass_phrase - commands: - - policy/slemicro/scripts/sign - when: - instance: - - drone-publish.rancher.io - ref: - - refs/head/master - - refs/tags/* - event: - - tag - - - name: Yum Repo Upload SLE MICRO - image: centos:7 - 
environment: - AWS_S3_BUCKET: - from_secret: aws_s3_bucket - AWS_ACCESS_KEY_ID: - from_secret: aws_access_key_id - AWS_SECRET_ACCESS_KEY: - from_secret: aws_secret_access_key - TESTING_AWS_S3_BUCKET: - from_secret: testing_aws_s3_bucket - TESTING_AWS_ACCESS_KEY_ID: - from_secret: testing_aws_access_key_id - TESTING_AWS_SECRET_ACCESS_KEY: - from_secret: testing_aws_secret_access_key - commands: - - policy/slemicro/scripts/upload-repo - when: - instance: - - drone-publish.rancher.io - ref: - - refs/head/master - - refs/tags/* - event: - - tag - - - name: GitHub Release SLE MICRO - image: plugins/github-release - settings: - api_key: - from_secret: github_token - prerelease: true - checksum: - - sha256 - checksum_file: CHECKSUMsum-slemicro-noarch.txt - checksum_flatten: true - files: - - "dist/slemicro/**/*.rpm" - when: - instance: - - drone-publish.rancher.io - ref: - - refs/head/master - - refs/tags/* - event: - - tag - -volumes: - - name: docker - host: - path: /var/run/docker.sock \ No newline at end of file diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 0000000..01ed00b --- /dev/null +++ b/.github/workflows/build.yml 
@@ -0,0 +1,55 @@ +on: + push: + branches: + - master + pull_request: + +name: Build +permissions: + contents: read +jobs: + build-rpm-el7: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: build-rpm + run: | + make build-centos7 + build-rpm-el8: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: build-rpm + run: | + make build-centos8 + build-rpm-el9: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: build-rpm + run: | + make build-centos9 + build-rpm-slemicro: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: build-rpm + run: | + make build-slemicro + build-rpm-microos: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: build-rpm + run: | + make build-microos \ No newline at end of file diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..579dd2e --- /dev/null +++ b/.github/workflows/release.yml 
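Review bot: `actions/checkout@v4` in each of the five jobs keeps its default of leaving the job token in the checked-out repository's git config, and the very next step runs `make build-*`, which executes repository scripts on `pull_request` events. The token is read-only here (`contents: read`), so this is hardening rather than a live hole, but adding `with:` / `persist-credentials: false` to the checkout step keeps it away from the build entirely. The step could also be pinned to a full commit SHA instead of the movable `v4` tag. The five jobs differ only in the make target, so a `strategy.matrix` over the distro names would remove the repetition.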
@@ -0,0 +1,262 @@ +on: + push: + tags: + - "v*" + +env: + GH_TOKEN: ${{ github.token }} + +name: Release RPMs +permissions: + contents: write + id-token: write +jobs: + release-rpm-el7: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: "Read secrets" + uses: rancher-eio/read-vault-secrets@main + with: + secrets: | + secret/data/github/repo/${{ github.repository }}/private_key | PRIVATE_KEY ; + secret/data/github/repo/${{ github.repository }}/private_key_passphrase | PRIVATE_KEY_PASS_PHRASE ; + secret/data/github/repo/${{ github.repository }}/testing_private_key | TESTING_PRIVATE_KEY ; + secret/data/github/repo/${{ github.repository }}/testing_private_key_passphrase | TESTING_PRIVATE_KEY_PASS_PHRASE ; + secret/data/github/repo/${{ github.repository }}/aws_s3_bucket | AWS_S3_BUCKET ; + secret/data/github/repo/${{ github.repository }}/aws_access_key_id | AWS_ACCESS_KEY_ID ; + secret/data/github/repo/${{ github.repository }}/aws_secret_access_key | AWS_SECRET_ACCESS_KEY ; + secret/data/github/repo/${{ github.repository }}/testing_aws_s3_bucket | TESTING_AWS_S3_BUCKET ; + secret/data/github/repo/${{ github.repository }}/testing_aws_access_key_id | TESTING_AWS_ACCESS_KEY_ID ; + secret/data/github/repo/${{ github.repository }}/testing_aws_secret_access_key | TESTING_AWS_SECRET_ACCESS_KEY ; + + - name: build-rpm-el7 + run: | + make build-centos7 + + - name: sign-rpm-el7 + run: | + make sign-centos7 + env: + PRIVATE_KEY: ${{ env.PRIVATE_KEY }} + PRIVATE_KEY_PASS_PHRASE: ${{ env.PRIVATE_KEY_PASS_PHRASE }} + TESTING_PRIVATE_KEY: ${{ env.TESTING_PRIVATE_KEY }} + TESTING_PRIVATE_KEY_PASS_PHRASE: ${{ env.TESTING_PRIVATE_KEY_PASS_PHRASE }} + + - name: upload-repo-el7 + run: | + make upload-centos7 + env: + COMBARCH: x86_64-amd64 + AWS_S3_BUCKET: ${{ env.AWS_S3_BUCKET }} + AWS_ACCESS_KEY_ID: ${{ env.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }} + TESTING_AWS_S3_BUCKET: ${{ env.TESTING_AWS_S3_BUCKET }} 
+ TESTING_AWS_ACCESS_KEY_ID: ${{ env.TESTING_AWS_ACCESS_KEY_ID }} + TESTING_AWS_SECRET_ACCESS_KEY: ${{ env.TESTING_AWS_SECRET_ACCESS_KEY }} + + - name: github-rpm-release-el7 + run: | + gh release upload ${{ github.ref_name }} dist/centos7/noarch/* dist/centos7/source/* + release-rpm-el8: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: "Read secrets" + uses: rancher-eio/read-vault-secrets@main + with: + secrets: | + secret/data/github/repo/${{ github.repository }}/private_key | PRIVATE_KEY ; + secret/data/github/repo/${{ github.repository }}/private_key_passphrase | PRIVATE_KEY_PASS_PHRASE ; + secret/data/github/repo/${{ github.repository }}/testing_private_key | TESTING_PRIVATE_KEY ; + secret/data/github/repo/${{ github.repository }}/testing_private_key_passphrase | TESTING_PRIVATE_KEY_PASS_PHRASE ; + secret/data/github/repo/${{ github.repository }}/aws_s3_bucket | AWS_S3_BUCKET ; + secret/data/github/repo/${{ github.repository }}/aws_access_key_id | AWS_ACCESS_KEY_ID ; + secret/data/github/repo/${{ github.repository }}/aws_secret_access_key | AWS_SECRET_ACCESS_KEY ; + secret/data/github/repo/${{ github.repository }}/testing_aws_s3_bucket | TESTING_AWS_S3_BUCKET ; + secret/data/github/repo/${{ github.repository }}/testing_aws_access_key_id | TESTING_AWS_ACCESS_KEY_ID ; + secret/data/github/repo/${{ github.repository }}/testing_aws_secret_access_key | TESTING_AWS_SECRET_ACCESS_KEY ; + + - name: build-rpm-el8 + run: | + make build-centos8 + + - name: sign-rpm-el8 + run: | + make sign-centos8 + env: + PRIVATE_KEY: ${{ env.PRIVATE_KEY }} + PRIVATE_KEY_PASS_PHRASE: ${{ env.PRIVATE_KEY_PASS_PHRASE }} + TESTING_PRIVATE_KEY: ${{ env.TESTING_PRIVATE_KEY }} + TESTING_PRIVATE_KEY_PASS_PHRASE: ${{ env.TESTING_PRIVATE_KEY_PASS_PHRASE }} + + - name: upload-repo-el8 + run: | + make upload-centos8 + env: + COMBARCH: x86_64-amd64 + AWS_S3_BUCKET: ${{ env.AWS_S3_BUCKET }} + AWS_ACCESS_KEY_ID: ${{ env.AWS_ACCESS_KEY_ID }} + 
AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }} + TESTING_AWS_S3_BUCKET: ${{ env.TESTING_AWS_S3_BUCKET }} + TESTING_AWS_ACCESS_KEY_ID: ${{ env.TESTING_AWS_ACCESS_KEY_ID }} + TESTING_AWS_SECRET_ACCESS_KEY: ${{ env.TESTING_AWS_SECRET_ACCESS_KEY }} + + - name: github-rpm-release-el8 + run: | + gh release upload ${{ github.ref_name }} dist/centos8/noarch/* dist/centos8/source/* + release-rpm-el9: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: "Read secrets" + uses: rancher-eio/read-vault-secrets@main + with: + secrets: | + secret/data/github/repo/${{ github.repository }}/private_key | PRIVATE_KEY ; + secret/data/github/repo/${{ github.repository }}/private_key_passphrase | PRIVATE_KEY_PASS_PHRASE ; + secret/data/github/repo/${{ github.repository }}/testing_private_key | TESTING_PRIVATE_KEY ; + secret/data/github/repo/${{ github.repository }}/testing_private_key_passphrase | TESTING_PRIVATE_KEY_PASS_PHRASE ; + secret/data/github/repo/${{ github.repository }}/aws_s3_bucket | AWS_S3_BUCKET ; + secret/data/github/repo/${{ github.repository }}/aws_access_key_id | AWS_ACCESS_KEY_ID ; + secret/data/github/repo/${{ github.repository }}/aws_secret_access_key | AWS_SECRET_ACCESS_KEY ; + secret/data/github/repo/${{ github.repository }}/testing_aws_s3_bucket | TESTING_AWS_S3_BUCKET ; + secret/data/github/repo/${{ github.repository }}/testing_aws_access_key_id | TESTING_AWS_ACCESS_KEY_ID ; + secret/data/github/repo/${{ github.repository }}/testing_aws_secret_access_key | TESTING_AWS_SECRET_ACCESS_KEY ; + + - name: build-rpm-el9 + run: | + make build-centos9 + + - name: sign-rpm-el9 + run: | + make sign-centos9 + env: + PRIVATE_KEY: ${{ env.PRIVATE_KEY }} + PRIVATE_KEY_PASS_PHRASE: ${{ env.PRIVATE_KEY_PASS_PHRASE }} + TESTING_PRIVATE_KEY: ${{ env.TESTING_PRIVATE_KEY }} + TESTING_PRIVATE_KEY_PASS_PHRASE: ${{ env.TESTING_PRIVATE_KEY_PASS_PHRASE }} + + - name: upload-repo-el9 + run: | + make upload-centos9 + env: + COMBARCH: 
x86_64-amd64 + AWS_S3_BUCKET: ${{ env.AWS_S3_BUCKET }} + AWS_ACCESS_KEY_ID: ${{ env.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }} + TESTING_AWS_S3_BUCKET: ${{ env.TESTING_AWS_S3_BUCKET }} + TESTING_AWS_ACCESS_KEY_ID: ${{ env.TESTING_AWS_ACCESS_KEY_ID }} + TESTING_AWS_SECRET_ACCESS_KEY: ${{ env.TESTING_AWS_SECRET_ACCESS_KEY }} + + - name: github-rpm-release-el9 + run: | + gh release upload ${{ github.ref_name }} dist/centos9/noarch/* dist/centos9/source/* + release-rpm-microos: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: "Read secrets" + uses: rancher-eio/read-vault-secrets@main + with: + secrets: | + secret/data/github/repo/${{ github.repository }}/private_key | PRIVATE_KEY ; + secret/data/github/repo/${{ github.repository }}/private_key_passphrase | PRIVATE_KEY_PASS_PHRASE ; + secret/data/github/repo/${{ github.repository }}/testing_private_key | TESTING_PRIVATE_KEY ; + secret/data/github/repo/${{ github.repository }}/testing_private_key_passphrase | TESTING_PRIVATE_KEY_PASS_PHRASE ; + secret/data/github/repo/${{ github.repository }}/aws_s3_bucket | AWS_S3_BUCKET ; + secret/data/github/repo/${{ github.repository }}/aws_access_key_id | AWS_ACCESS_KEY_ID ; + secret/data/github/repo/${{ github.repository }}/aws_secret_access_key | AWS_SECRET_ACCESS_KEY ; + secret/data/github/repo/${{ github.repository }}/testing_aws_s3_bucket | TESTING_AWS_S3_BUCKET ; + secret/data/github/repo/${{ github.repository }}/testing_aws_access_key_id | TESTING_AWS_ACCESS_KEY_ID ; + secret/data/github/repo/${{ github.repository }}/testing_aws_secret_access_key | TESTING_AWS_SECRET_ACCESS_KEY ; + + - name: build-rpm-microos + run: | + make build-microos + + - name: sign-rpm-microos + run: | + make sign-microos + env: + PRIVATE_KEY: ${{ env.PRIVATE_KEY }} + PRIVATE_KEY_PASS_PHRASE: ${{ env.PRIVATE_KEY_PASS_PHRASE }} + TESTING_PRIVATE_KEY: ${{ env.TESTING_PRIVATE_KEY }} + TESTING_PRIVATE_KEY_PASS_PHRASE: ${{ 
env.TESTING_PRIVATE_KEY_PASS_PHRASE }} + + - name: upload-repo-microos + run: | + make upload-microos + env: + COMBARCH: x86_64-amd64 + AWS_S3_BUCKET: ${{ env.AWS_S3_BUCKET }} + AWS_ACCESS_KEY_ID: ${{ env.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }} + TESTING_AWS_S3_BUCKET: ${{ env.TESTING_AWS_S3_BUCKET }} + TESTING_AWS_ACCESS_KEY_ID: ${{ env.TESTING_AWS_ACCESS_KEY_ID }} + TESTING_AWS_SECRET_ACCESS_KEY: ${{ env.TESTING_AWS_SECRET_ACCESS_KEY }} + + - name: github-rpm-release-microos + run: | + gh release upload ${{ github.ref_name }} dist/microos/noarch/* dist/microos/source/* + release-rpm-slemicro: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: "Read secrets" + uses: rancher-eio/read-vault-secrets@main + with: + secrets: | + secret/data/github/repo/${{ github.repository }}/private_key | PRIVATE_KEY ; + secret/data/github/repo/${{ github.repository }}/private_key_passphrase | PRIVATE_KEY_PASS_PHRASE ; + secret/data/github/repo/${{ github.repository }}/testing_private_key | TESTING_PRIVATE_KEY ; + secret/data/github/repo/${{ github.repository }}/testing_private_key_passphrase | TESTING_PRIVATE_KEY_PASS_PHRASE ; + secret/data/github/repo/${{ github.repository }}/aws_s3_bucket | AWS_S3_BUCKET ; + secret/data/github/repo/${{ github.repository }}/aws_access_key_id | AWS_ACCESS_KEY_ID ; + secret/data/github/repo/${{ github.repository }}/aws_secret_access_key | AWS_SECRET_ACCESS_KEY ; + secret/data/github/repo/${{ github.repository }}/testing_aws_s3_bucket | TESTING_AWS_S3_BUCKET ; + secret/data/github/repo/${{ github.repository }}/testing_aws_access_key_id | TESTING_AWS_ACCESS_KEY_ID ; + secret/data/github/repo/${{ github.repository }}/testing_aws_secret_access_key | TESTING_AWS_SECRET_ACCESS_KEY ; + + - name: build-rpm-slemicro + run: | + make build-slemicro + + - name: sign-rpm-slemicro + run: | + make sign-slemicro + env: + PRIVATE_KEY: ${{ env.PRIVATE_KEY }} + 
PRIVATE_KEY_PASS_PHRASE: ${{ env.PRIVATE_KEY_PASS_PHRASE }} + TESTING_PRIVATE_KEY: ${{ env.TESTING_PRIVATE_KEY }} + TESTING_PRIVATE_KEY_PASS_PHRASE: ${{ env.TESTING_PRIVATE_KEY_PASS_PHRASE }} + + - name: upload-repo-slemicro + run: | + make upload-slemicro + env: + COMBARCH: x86_64-amd64 + AWS_S3_BUCKET: ${{ env.AWS_S3_BUCKET }} + AWS_ACCESS_KEY_ID: ${{ env.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }} + TESTING_AWS_S3_BUCKET: ${{ env.TESTING_AWS_S3_BUCKET }} + TESTING_AWS_ACCESS_KEY_ID: ${{ env.TESTING_AWS_ACCESS_KEY_ID }} + TESTING_AWS_SECRET_ACCESS_KEY: ${{ env.TESTING_AWS_SECRET_ACCESS_KEY }} + + - name: github-rpm-release-slemicro + run: | + gh release upload ${{ github.ref_name }} dist/slemicro/noarch/* dist/slemicro/source/* + + + + \ No newline at end of file diff --git a/Dockerfile.centos7.dapper b/Dockerfile.centos7.dapper index fde1b42..0a1e2a0 100644 --- a/Dockerfile.centos7.dapper +++ b/Dockerfile.centos7.dapper @@ -1,11 +1,14 @@ FROM centos:7 +RUN sed -i -e "s/mirrorlist.*//g" /etc/yum.repos.d/* +RUN sed -i -e "s/#baseurl=http:\/\/mirror.centos.org/baseurl=http:\/\/linuxsoft.cern.ch\/centos-vault\//g" /etc/yum.repos.d/* + RUN yum install -y epel-release \ && yum -y install container-selinux git rpm-build selinux-policy-devel yum-utils ENV DAPPER_SOURCE /source ENV DAPPER_OUTPUT ./dist -ENV DAPPER_ENV COMBARCH DRONE_TAG TAG +ENV DAPPER_ENV COMBARCH CHECKSUM_DIR CHECKSUM_FILE TAG PRIVATE_KEY PRIVATE_KEY_PASS_PHRASE TESTING_PRIVATE_KEY TESTING_PRIVATE_KEY_PASS_PHRASE AWS_S3_BUCKET AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY TESTING_AWS_S3_BUCKET TESTING_AWS_ACCESS_KEY_ID TESTING_AWS_SECRET_ACCESS_KEY ENV HOME ${DAPPER_SOURCE} WORKDIR ${DAPPER_SOURCE} diff --git a/Dockerfile.centos8.dapper b/Dockerfile.centos8.dapper index df18ce9..5ba0bca 100644 --- a/Dockerfile.centos8.dapper +++ b/Dockerfile.centos8.dapper 
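Review bot: `uses: rancher-eio/read-vault-secrets@main` follows a movable branch in all five release jobs, and those jobs run with `id-token: write` and receive the RPM signing keys and AWS credentials through that action, so whatever lands on that `main` runs with release privileges. Pin it to a full commit SHA, e.g. `uses: rancher-eio/read-vault-secrets@<full-commit-sha>  # <release-tag>` (placeholder; take the value from the action's repository), and consider the same for `actions/checkout@v4`. `gh release upload ${{ github.ref_name }}` expands the tag name into the script text before the shell runs; passing it as `env: TAG: ${{ github.ref_name }}` and using `"$TAG"` keeps it as data. Placing the "Read secrets" step after `make build-*` would also keep the keys out of the build step.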
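Review bot: The second added `sed` points every CentOS 7 repo at `http://linuxsoft.cern.ch/centos-vault/` over plain HTTP, and this is the image the Makefile in this patch uses for every `sign-*` and `upload-*` target, so it is the container that ends up holding the signing keys and AWS credentials. Package signatures should still be verified if the stock repo files keep `gpgcheck=1` (not visible in this hunk), but switching the replacement to an `https://` vault mirror removes the dependence on that setting. A one-line comment above the two `sed` lines saying why the mirror rewrite is needed would also help the next reader.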
@@ -1,11 +1,11 @@ FROM rockylinux:8 RUN yum install -y epel-release \ - && yum -y install container-selinux git rpm-build selinux-policy-devel yum-utils + && yum install -y container-selinux git rpm-build selinux-policy-devel yum-utils pinentry python2-pip ca-certificates ENV DAPPER_SOURCE /source ENV DAPPER_OUTPUT ./dist -ENV DAPPER_ENV COMBARCH DRONE_TAG TAG +ENV DAPPER_ENV COMBARCH CHECKSUM_DIR CHECKSUM_FILE TAG PRIVATE_KEY PRIVATE_KEY_PASS_PHRASE TESTING_PRIVATE_KEY TESTING_PRIVATE_KEY_PASS_PHRASE AWS_S3_BUCKET AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY TESTING_AWS_S3_BUCKET TESTING_AWS_ACCESS_KEY_ID TESTING_AWS_SECRET_ACCESS_KEY ENV HOME ${DAPPER_SOURCE} WORKDIR ${DAPPER_SOURCE} diff --git a/Dockerfile.centos9.dapper b/Dockerfile.centos9.dapper index fce9cdd..24c4b1b 100644 --- a/Dockerfile.centos9.dapper +++ b/Dockerfile.centos9.dapper @@ -1,11 +1,11 @@ FROM quay.io/centos/centos:stream9 RUN yum install -y epel-release \ - && yum -y install container-selinux git rpm-build selinux-policy-devel yum-utils + && yum -y install container-selinux git rpm-build selinux-policy-devel yum-utils pinentry python-pip ca-certificates ENV DAPPER_SOURCE /source ENV DAPPER_OUTPUT ./dist -ENV DAPPER_ENV COMBARCH DRONE_TAG TAG +ENV DAPPER_ENV COMBARCH CHECKSUM_DIR CHECKSUM_FILE TAG PRIVATE_KEY PRIVATE_KEY_PASS_PHRASE TESTING_PRIVATE_KEY TESTING_PRIVATE_KEY_PASS_PHRASE AWS_S3_BUCKET AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY TESTING_AWS_S3_BUCKET TESTING_AWS_ACCESS_KEY_ID TESTING_AWS_SECRET_ACCESS_KEY ENV HOME ${DAPPER_SOURCE} WORKDIR ${DAPPER_SOURCE} diff --git a/Dockerfile.microos.dapper b/Dockerfile.microos.dapper index 4595100..0631bb5 100644 --- a/Dockerfile.microos.dapper +++ b/Dockerfile.microos.dapper 
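Review bot: The new `DAPPER_ENV` line forwards the signing keys and AWS credentials into this build image, yet the Makefile in this patch runs `sign-*` and `upload-*` only through `Dockerfile.centos7.dapper`, so the centos8 container never needs them. Because release.yml reads the Vault secrets before `make build-centos8`, the build container would receive them if the action exports them to the job environment (the `${{ env.PRIVATE_KEY }}` references suggest it does). Consider limiting this line to `ENV DAPPER_ENV COMBARCH CHECKSUM_DIR CHECKSUM_FILE TAG`; the same applies to the `DAPPER_ENV` changes in the centos9, microos and slemicro Dockerfiles. The added `pinentry python2-pip` packages look unused in this image for the same reason.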
@@ -8,7 +8,7 @@ RUN zypper install -y container-selinux git rpm-build selinux-policy-devel ENV DAPPER_SOURCE /source ENV DAPPER_OUTPUT ./dist -ENV DAPPER_ENV COMBARCH DRONE_TAG TAG +ENV DAPPER_ENV COMBARCH CHECKSUM_DIR CHECKSUM_FILE TAG PRIVATE_KEY PRIVATE_KEY_PASS_PHRASE TESTING_PRIVATE_KEY TESTING_PRIVATE_KEY_PASS_PHRASE AWS_S3_BUCKET AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY TESTING_AWS_S3_BUCKET TESTING_AWS_ACCESS_KEY_ID TESTING_AWS_SECRET_ACCESS_KEY ENV HOME ${DAPPER_SOURCE} WORKDIR ${DAPPER_SOURCE} diff --git a/Dockerfile.slemicro.dapper b/Dockerfile.slemicro.dapper index cca2a2f..b374b5e 100644 --- a/Dockerfile.slemicro.dapper +++ b/Dockerfile.slemicro.dapper @@ -6,7 +6,7 @@ RUN zypper in -y -n --force-resolution container-selinux git rpm-build selinux-p ENV DAPPER_SOURCE /source ENV DAPPER_OUTPUT ./dist -ENV DAPPER_ENV COMBARCH DRONE_TAG TAG +ENV DAPPER_ENV COMBARCH CHECKSUM_DIR CHECKSUM_FILE TAG PRIVATE_KEY PRIVATE_KEY_PASS_PHRASE TESTING_PRIVATE_KEY TESTING_PRIVATE_KEY_PASS_PHRASE AWS_S3_BUCKET AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY TESTING_AWS_S3_BUCKET TESTING_AWS_ACCESS_KEY_ID TESTING_AWS_SECRET_ACCESS_KEY ENV HOME ${DAPPER_SOURCE} WORKDIR ${DAPPER_SOURCE} diff --git a/Makefile b/Makefile index 5bee48d..192b8f5 100644 --- a/Makefile +++ b/Makefile @@ -1,8 +1,6 @@ -CENTOS7_TARGETS := $(addprefix centos7-,$(shell ls policy/centos7/scripts)) -CENTOS8_TARGETS := $(addprefix centos8-,$(shell ls policy/centos8/scripts)) -MICROOS_TARGETS := $(addprefix microos-,$(shell ls policy/microos/scripts)) -SLEMICRO_TARGETS := $(addprefix slemicro-,$(shell ls policy/slemicro/scripts)) - +UPLOAD_TARGETS := $(addprefix upload-,$(shell ls policy/)) +BUILD_TARGETS := $(addprefix build-,$(shell ls policy/)) +SIGN_TARGETS := $(addprefix sign-,$(shell ls policy/)) .dapper: @echo Downloading dapper @curl -sL https://releases.rancher.com/dapper/latest/dapper-$$(uname -s)-$$(uname -m) > .dapper.tmp 
@@ -10,19 +8,16 @@ SLEMICRO_TARGETS := $(addprefix slemicro-,$(shell ls policy/slemicro/scripts)) @./.dapper.tmp -v @mv .dapper.tmp .dapper -$(CENTOS7_TARGETS): .dapper - ./.dapper -f Dockerfile.centos7.dapper $(@:centos7-%=%) - -$(CENTOS8_TARGETS): .dapper - ./.dapper -f Dockerfile.centos8.dapper $(@:centos8-%=%) +$(BUILD_TARGETS): .dapper + ./.dapper -f Dockerfile.$(@:build-%=%).dapper ./policy/$(@:build-%=%)/scripts/build -$(MICROOS_TARGETS): .dapper - ./.dapper -f Dockerfile.microos.dapper $(@:microos-%=%) +$(SIGN_TARGETS): .dapper + ./.dapper -f Dockerfile.centos7.dapper ./policy/$(@:sign-%=%)/scripts/sign -$(SLEMICRO_TARGETS): .dapper - ./.dapper -f Dockerfile.slemicro.dapper $(@:slemicro-%=%) +$(UPLOAD_TARGETS): .dapper + ./.dapper -f Dockerfile.centos7.dapper ./policy/$(@:upload-%=%)/scripts/upload-repo clean: rm -rf dist/ Dockerfile.*.dapper[0-9]* -.PHONY: $(CENTOS7_TARGETS) $(CENTOS8_TARGETS) $(MICROOS_TARGETS) $(SLEMICRO_TARGETS) clean +.PHONY: $(UPLOAD_TARGETS) $(BUILD_TARGETS) $(SIGN_TARGETS) clean diff --git a/policy/centos7/scripts/checksum b/policy/centos7/scripts/checksum new file mode 100755 index 0000000..8a25aab --- /dev/null +++ b/policy/centos7/scripts/checksum @@ -0,0 +1,22 @@ +#!/bin/bash +set -ex + + +cd $(dirname $0)/.. +ls -la +pwd + +CHECKSUM_DIR=${CHECKSUM_DIR:-./dist/centos7/noarch/} +CHECKSUM_FILE=${CHECKSUM_FILE:-CHECKSUMsum-centos7-noarch.txt} +DEST_DIR=${DEST_DIR:-${CHECKSUM_DIR}} + +sumfile="${DEST_DIR}/${CHECKSUM_FILE}" + +touch "${sumfile}" + +files=$(ls ${CHECKSUM_DIR} | grep -v "sha256sum") +for file in ${files}; do + sha256sum "${CHECKSUM_DIR}/${file}" | sed "s;$(dirname ${CHECKSUM_DIR}/${file})/;;g" >> "${sumfile}" +done + +cat "${sumfile}" \ No newline at end of file diff --git a/policy/centos7/scripts/sign b/policy/centos7/scripts/sign index d5f44ff..048776b 100755 --- a/policy/centos7/scripts/sign +++ b/policy/centos7/scripts/sign 
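Review bot: `$(SIGN_TARGETS)` and `$(UPLOAD_TARGETS)` hard-code `Dockerfile.centos7.dapper` while running the per-distro `policy/<distro>/scripts/sign` and `upload-repo`, and nothing in the Makefile says this is deliberate. It matches the removed Drone steps (`image: centos:7`), so a comment such as `# sign and upload-repo always run in the centos7 image, as the Drone steps did` above the two rules would stop someone from "fixing" it to `Dockerfile.$(@:sign-%=%).dapper`. It also means the signing and upload environment for every distro is the CentOS 7 image, which is worth stating next to the rule.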
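Review bot: The loop builds its file list with `files=$(ls ${CHECKSUM_DIR} | grep -v "sha256sum")` and expands `${files}`, `$(dirname $0)` and the `dirname` inside the `sed` expression unquoted, so a path or file name containing whitespace or glob characters is split, and the `sed` pattern treats the dots in a value like `../../dist/...` as regex wildcards. Hashing from inside the directory, as sketched below, drops both the `ls` parsing and the `sed` strip while producing the same `hash  filename` lines. The `ls -la` and `pwd` lines look like debugging leftovers. The centos8 and centos9 copies are byte-identical (same blob `8a25aab`) and share all of this.

```shell
touch "${sumfile}"

for path in "${CHECKSUM_DIR}"/*; do
  name=$(basename -- "${path}")
  # skip the checksum list itself, as the grep -v did
  case "${name}" in *sha256sum*) continue ;; esac
  (cd "${CHECKSUM_DIR}" && sha256sum -- "${name}") >> "${sumfile}"
done
# … unchanged: cat "${sumfile}" …
```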
@@ -46,3 +46,12 @@ expect eof lassign [wait] _ _ _ code exit \$code EOF + +# checksum rpms +pushd $(dirname $0)/.. +DEST_DIR=../../dist/centos7/noarch CHECKSUM_DIR=../../dist/centos7/noarch CHECKSUM_FILE=sha256sum-centos7-noarch.txt ./scripts/checksum +popd +# checksum srcrpms +pushd $(dirname $0)/.. +DEST_DIR=../../dist/centos7/noarch CHECKSUM_DIR=../../dist/centos7/source CHECKSUM_FILE=sha256sum-centos7-noarch.txt ./scripts/checksum +popd \ No newline at end of file diff --git a/policy/centos7/scripts/upload-repo b/policy/centos7/scripts/upload-repo index a65ba35..197779c 100755 --- a/policy/centos7/scripts/upload-repo +++ b/policy/centos7/scripts/upload-repo @@ -6,9 +6,11 @@ pushd $(dirname $0)/.. popd yum install -y epel-release -yum install -y git python2-pip python-deltarpm -pip install --cache-dir=/var/cache/pip --upgrade 'boto3==1.17.112' 'pip<21.0' 'setuptools<45.0' -pip install --cache-dir=/var/cache/pip/ \ +yum install -y git python2-pip python-deltarpm ca-certificates +export REQUESTS_CA_BUNDLE=/etc/pki/tls/certs/ca-bundle.crt + +pip2 install --cache-dir=/var/cache/pip --upgrade 'boto3==1.17.112' 'pip<21.0' 'setuptools<45.0' +pip2 install --cache-dir=/var/cache/pip/ \ git+https://github.com/Voronenko/rpm-s3.git@5695c6ad9a08548141d3713328e1bd3f533d137e if [ -z "$RPM_CHANNEL" ]; then diff --git a/policy/centos8/scripts/checksum b/policy/centos8/scripts/checksum new file mode 100755 index 0000000..8a25aab --- /dev/null +++ b/policy/centos8/scripts/checksum 
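Review bot: The checksum list produced at the end of sign is not itself signed, so once `gh release upload dist/centos7/noarch/*` publishes it next to the RPMs it can only detect transfer corruption; a comment such as `# integrity aid only; authenticity comes from the RPM signature` above `# checksum rpms` would keep readers from treating it as a trust anchor. The second call also appends the source-RPM hashes to a file named `sha256sum-centos7-noarch.txt`, which the name does not suggest. The two `pushd $(dirname $0)/..` blocks are identical and unquoted and could be one quoted `pushd "$(dirname "$0")/.."`. The same lines are added to the centos8 and centos9 sign scripts; the body of sign above line 46 is outside the hunk.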
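Review bot: The two `pip2 install` lines still resolve packages from the network at run time inside the container that, per the new `DAPPER_ENV`, already holds `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`, and only `boto3` and the rpm-s3 commit are pinned exactly; `pip<21.0`, `setuptools<45.0` and every transitive dependency float. Moving the `yum install` and `pip2 install` steps into a `RUN` layer of `Dockerfile.centos7.dapper` would perform the installs before the credentials are in the environment, and a constraints file passed with `-c` would fix the transitive versions. The centos8 upload-repo hunk is identical; the rest of upload-repo lies outside the hunk.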
@@ -0,0 +1,22 @@
+#!/bin/bash
+set -ex
+
+
+cd $(dirname $0)/..
+ls -la
+pwd
+
+CHECKSUM_DIR=${CHECKSUM_DIR:-./dist/centos7/noarch/}
+CHECKSUM_FILE=${CHECKSUM_FILE:-CHECKSUMsum-centos7-noarch.txt}
+DEST_DIR=${DEST_DIR:-${CHECKSUM_DIR}}
+
+sumfile="${DEST_DIR}/${CHECKSUM_FILE}"
+
+touch "${sumfile}"
+
+files=$(ls ${CHECKSUM_DIR} | grep -v "sha256sum")
+for file in ${files}; do
+ sha256sum "${CHECKSUM_DIR}/${file}" | sed "s;$(dirname ${CHECKSUM_DIR}/${file})/;;g" >> "${sumfile}"
+done
+
+cat "${sumfile}"
\ No newline at end of file
diff --git a/policy/centos8/scripts/sign b/policy/centos8/scripts/sign
index 9e2ac08..71a71d2 100755
--- a/policy/centos8/scripts/sign
+++ b/policy/centos8/scripts/sign
@@ -46,3 +46,12 @@ expect eof
 lassign [wait] _ _ _ code
 exit \$code
 EOF
+
+# checksum rpms
+pushd $(dirname $0)/..
+DEST_DIR=../../dist/centos8/noarch CHECKSUM_DIR=../../dist/centos8/noarch CHECKSUM_FILE=sha256sum-centos8-noarch.txt ./scripts/checksum
+popd
+# checksum srcrpms
+pushd $(dirname $0)/..
+DEST_DIR=../../dist/centos8/noarch CHECKSUM_DIR=../../dist/centos8/source CHECKSUM_FILE=sha256sum-centos8-noarch.txt ./scripts/checksum
+popd
diff --git a/policy/centos8/scripts/upload-repo b/policy/centos8/scripts/upload-repo
index fdafbf1..311f378 100755
--- a/policy/centos8/scripts/upload-repo
+++ b/policy/centos8/scripts/upload-repo
@@ -6,9 +6,11 @@ pushd $(dirname $0)/..
 popd
 yum install -y epel-release
-yum install -y git python2-pip python-deltarpm
-pip install --cache-dir=/var/cache/pip --upgrade 'boto3==1.17.112' 'pip<21.0' 'setuptools<45.0'
-pip install --cache-dir=/var/cache/pip/ \
+yum install -y git python2-pip python-deltarpm ca-certificates
+export REQUESTS_CA_BUNDLE=/etc/pki/tls/certs/ca-bundle.crt
+
+pip2 install --cache-dir=/var/cache/pip --upgrade 'boto3==1.17.112' 'pip<21.0' 'setuptools<45.0'
+pip2 install --cache-dir=/var/cache/pip/ \
 git+https://github.com/Voronenko/rpm-s3.git@5695c6ad9a08548141d3713328e1bd3f533d137e
 if [ -z "$RPM_CHANNEL" ]; then
diff --git a/policy/centos9/scripts/checksum b/policy/centos9/scripts/checksum
new file mode 100755
index 0000000..8a25aab
--- /dev/null
+++ b/policy/centos9/scripts/checksum
@@ -0,0 +1,22 @@
+#!/bin/bash
+set -ex
+
+
+cd $(dirname $0)/..
+ls -la
+pwd
+
+CHECKSUM_DIR=${CHECKSUM_DIR:-./dist/centos7/noarch/}
+CHECKSUM_FILE=${CHECKSUM_FILE:-CHECKSUMsum-centos7-noarch.txt}
+DEST_DIR=${DEST_DIR:-${CHECKSUM_DIR}}
+
+sumfile="${DEST_DIR}/${CHECKSUM_FILE}"
+
+touch "${sumfile}"
+
+files=$(ls ${CHECKSUM_DIR} | grep -v "sha256sum")
+for file in ${files}; do
+ sha256sum "${CHECKSUM_DIR}/${file}" | sed "s;$(dirname ${CHECKSUM_DIR}/${file})/;;g" >> "${sumfile}"
+done
+
+cat "${sumfile}"
\ No newline at end of file
diff --git a/policy/centos9/scripts/sign b/policy/centos9/scripts/sign
index 91e65ee..8bde524 100755
--- a/policy/centos9/scripts/sign
+++ b/policy/centos9/scripts/sign
@@ -46,3 +46,12 @@ expect eof
 lassign [wait] _ _ _ code
 exit \$code
 EOF
+
+# checksum rpms
+pushd $(dirname $0)/..
+DEST_DIR=../../dist/centos9/noarch CHECKSUM_DIR=../../dist/centos9/noarch CHECKSUM_FILE=sha256sum-centos9-noarch.txt ./scripts/checksum
+popd
+# checksum srcrpms
+pushd $(dirname $0)/..
+DEST_DIR=../../dist/centos9/noarch CHECKSUM_DIR=../../dist/centos9/source CHECKSUM_FILE=sha256sum-centos9-noarch.txt ./scripts/checksum
+popd
\ No newline at end of file
diff --git a/policy/centos9/scripts/upload-repo b/policy/centos9/scripts/upload-repo
index 80ee460..463ed66 100755
--- a/policy/centos9/scripts/upload-repo
+++ b/policy/centos9/scripts/upload-repo
@@ -6,9 +6,11 @@ pushd $(dirname $0)/..
 popd
 yum install -y epel-release
-yum install -y git python2-pip python-deltarpm
-pip install --cache-dir=/var/cache/pip --upgrade 'boto3==1.17.112' 'pip<21.0' 'setuptools<45.0'
-pip install --cache-dir=/var/cache/pip/ \
+yum install -y git python2-pip python-deltarpm ca-certificates
+export REQUESTS_CA_BUNDLE=/etc/pki/tls/certs/ca-bundle.crt
+
+pip2 install --cache-dir=/var/cache/pip --upgrade 'boto3==1.17.112' 'pip<21.0' 'setuptools<45.0'
+pip2 install --cache-dir=/var/cache/pip/ \
 git+https://github.com/Voronenko/rpm-s3.git@5695c6ad9a08548141d3713328e1bd3f533d137e
 if [ -z "$RPM_CHANNEL" ]; then
diff --git a/policy/microos/scripts/checksum b/policy/microos/scripts/checksum
new file mode 100755
index 0000000..8a25aab
--- /dev/null
+++ b/policy/microos/scripts/checksum
@@ -0,0 +1,22 @@
+#!/bin/bash
+set -ex
+
+
+cd $(dirname $0)/..
+ls -la
+pwd
+
+CHECKSUM_DIR=${CHECKSUM_DIR:-./dist/centos7/noarch/}
+CHECKSUM_FILE=${CHECKSUM_FILE:-CHECKSUMsum-centos7-noarch.txt}
+DEST_DIR=${DEST_DIR:-${CHECKSUM_DIR}}
+
+sumfile="${DEST_DIR}/${CHECKSUM_FILE}"
+
+touch "${sumfile}"
+
+files=$(ls ${CHECKSUM_DIR} | grep -v "sha256sum")
+for file in ${files}; do
+ sha256sum "${CHECKSUM_DIR}/${file}" | sed "s;$(dirname ${CHECKSUM_DIR}/${file})/;;g" >> "${sumfile}"
+done
+
+cat "${sumfile}"
\ No newline at end of file
diff --git a/policy/microos/scripts/sign b/policy/microos/scripts/sign
index 91a881d..b7537af 100755
--- a/policy/microos/scripts/sign
+++ b/policy/microos/scripts/sign
@@ -46,3 +46,12 @@ expect eof
 lassign [wait] _ _ _ code
 exit \$code
 EOF
+
+# checksum rpms
+pushd $(dirname $0)/..
+DEST_DIR=../../dist/microos/noarch CHECKSUM_DIR=../../dist/microos/noarch CHECKSUM_FILE=sha256sum-microos-noarch.txt ./scripts/checksum
+popd
+# checksum srcrpms
+pushd $(dirname $0)/..
+DEST_DIR=../../dist/microos/noarch CHECKSUM_DIR=../../dist/microos/source CHECKSUM_FILE=sha256sum-microos-noarch.txt ./scripts/checksum
+popd
\ No newline at end of file
diff --git a/policy/microos/scripts/upload-repo b/policy/microos/scripts/upload-repo
index dbb3db2..d976463 100755
--- a/policy/microos/scripts/upload-repo
+++ b/policy/microos/scripts/upload-repo
@@ -6,9 +6,11 @@ pushd $(dirname $0)/..
 popd
 yum install -y epel-release
-yum install -y git python2-pip python-deltarpm
-pip install --cache-dir=/var/cache/pip --upgrade 'boto3==1.17.112' 'pip<21.0' 'setuptools<45.0'
-pip install --cache-dir=/var/cache/pip/ \
+yum install -y git python2-pip python-deltarpm ca-certificates
+export REQUESTS_CA_BUNDLE=/etc/pki/tls/certs/ca-bundle.crt
+
+pip2 install --cache-dir=/var/cache/pip --upgrade 'boto3==1.17.112' 'pip<21.0' 'setuptools<45.0'
+pip2 install --cache-dir=/var/cache/pip/ \
 git+https://github.com/Voronenko/rpm-s3.git@5695c6ad9a08548141d3713328e1bd3f533d137e
 if [ -z "$RPM_CHANNEL" ]; then
diff --git a/policy/slemicro/scripts/checksum b/policy/slemicro/scripts/checksum
new file mode 100755
index 0000000..8a25aab
--- /dev/null
+++ b/policy/slemicro/scripts/checksum
@@ -0,0 +1,22 @@
+#!/bin/bash
+set -ex
+
+
+cd $(dirname $0)/..
+ls -la
+pwd
+
+CHECKSUM_DIR=${CHECKSUM_DIR:-./dist/centos7/noarch/}
+CHECKSUM_FILE=${CHECKSUM_FILE:-CHECKSUMsum-centos7-noarch.txt}
+DEST_DIR=${DEST_DIR:-${CHECKSUM_DIR}}
+
+sumfile="${DEST_DIR}/${CHECKSUM_FILE}"
+
+touch "${sumfile}"
+
+files=$(ls ${CHECKSUM_DIR} | grep -v "sha256sum")
+for file in ${files}; do
+ sha256sum "${CHECKSUM_DIR}/${file}" | sed "s;$(dirname ${CHECKSUM_DIR}/${file})/;;g" >> "${sumfile}"
+done
+
+cat "${sumfile}"
\ No newline at end of file
diff --git a/policy/slemicro/scripts/sign b/policy/slemicro/scripts/sign
index 562af43..59ea3ee 100755
--- a/policy/slemicro/scripts/sign
+++ b/policy/slemicro/scripts/sign
@@ -1,5 +1,5 @@
 #!/bin/bash
-set -e -x
+set -e -x
 yum install -y rpm-sign expect git
@@ -46,3 +46,12 @@ expect eof
 lassign [wait] _ _ _ code
 exit \$code
 EOF
+
+# checksum rpms
+pushd $(dirname $0)/..
+DEST_DIR=../../dist/slemicro/noarch CHECKSUM_DIR=../../dist/slemicro/noarch CHECKSUM_FILE=sha256sum-slemicro-noarch.txt ./scripts/checksum
+popd
+# checksum srcrpms
+pushd $(dirname $0)/..
+DEST_DIR=../../dist/slemicro/noarch CHECKSUM_DIR=../../dist/slemicro/source CHECKSUM_FILE=sha256sum-slemicro-noarch.txt ./scripts/checksum
+popd
\ No newline at end of file
diff --git a/policy/slemicro/scripts/upload-repo b/policy/slemicro/scripts/upload-repo
index cd8124d..5ada2d5 100755
--- a/policy/slemicro/scripts/upload-repo
+++ b/policy/slemicro/scripts/upload-repo
@@ -6,9 +6,11 @@ pushd $(dirname $0)/..
 popd
 yum install -y epel-release
-yum install -y git python2-pip python-deltarpm
-pip install --cache-dir=/var/cache/pip --upgrade 'boto3==1.17.112' 'pip<21.0' 'setuptools<45.0'
-pip install --cache-dir=/var/cache/pip/ \
+yum install -y git python2-pip python-deltarpm ca-certificates
+export REQUESTS_CA_BUNDLE=/etc/pki/tls/certs/ca-bundle.crt
+
+pip2 install --cache-dir=/var/cache/pip --upgrade 'boto3==1.17.112' 'pip<21.0' 'setuptools<45.0'
+pip2 install --cache-dir=/var/cache/pip/ \
 git+https://github.com/Voronenko/rpm-s3.git@5695c6ad9a08548141d3713328e1bd3f533d137e
 if [ -z "$RPM_CHANNEL" ]; then