From 78b4bbf3572132327f23ed2c531ea69cf42eb1d0 Mon Sep 17 00:00:00 2001 From: Mustafa Kara Date: Thu, 21 Apr 2022 16:41:50 +0300 Subject: [PATCH] Create makefile and pipeline to generate signed debian packages. (#2068) * Integrate GitLab Pipeline to Build Signed Packages Signed-off-by: Mustafa Kara * Fix Ci Pipeline Location Signed-off-by: Mustafa Kara * Implement gitlabci and Makefile to build linux packages Signed-off-by: Mustafa Kara * Improve makefile and pipeline to support customizable package action Signed-off-by: Mustafa Kara * Fix variable definition Signed-off-by: Mustafa Kara * Fix variable definition Signed-off-by: Mustafa Kara * Fix makefile formatting Signed-off-by: Mustafa Kara * Fix SSH key problem Signed-off-by: Mustafa Kara * Fix extended echo Signed-off-by: Mustafa Kara * Fix makefile for ssh keys issue Signed-off-by: Mustafa Kara * Parameterize sign artifacts Signed-off-by: Mustafa Kara * Change artifact directory Signed-off-by: Mustafa Kara * Fix package make command Signed-off-by: Mustafa Kara * Add Sign step to pipeline Signed-off-by: Mustafa Kara * Fix pipeline code for version Signed-off-by: Mustafa Kara * Fix makefile for version Signed-off-by: Mustafa Kara * Fix pipeline code Signed-off-by: Mustafa Kara * Fix Makefile for fast package-linux action Signed-off-by: Mustafa Kara * Fix Makefile for version Signed-off-by: Mustafa Kara * Create Sign Action Signed-off-by: Mustafa Kara * Move dependency installations to container Signed-off-by: Mustafa Kara * Add jq dependency check Signed-off-by: Mustafa Kara * Implement sign debian artifacts step Signed-off-by: Mustafa Kara * Fix Makefile spacing Signed-off-by: Mustafa Kara * Fix Makefile spacing Signed-off-by: Mustafa Kara * FIx artifacts for debian only Signed-off-by: Mustafa Kara * Fix artifacts directory Signed-off-by: Mustafa Kara * Implement signing via Makefile way Signed-off-by: Mustafa Kara * Modify Makefile for aptly packaging Signed-off-by: Mustafa Kara * Fix pipeline for aptly Signed-off-by: Mustafa Kara * Fix foreach loop in Makefile Signed-off-by: Mustafa Kara * Fix repo gpg key Signed-off-by: Mustafa Kara * Fix Repo Public Key issue Signed-off-by: Mustafa Kara * Get PGP key with wget Signed-off-by: Mustafa Kara * Change gpg implementation Signed-off-by: Mustafa Kara * Configure aptly Signed-off-by: Mustafa Kara * Fix missing release variable Signed-off-by: Mustafa Kara * Fix Frozen Makefile Signed-off-by: Mustafa Kara * Publish packages to apt repository Signed-off-by: Mustafa Kara * Configure variables for pipeline Signed-off-by: Mustafa Kara * Configure Package Linux Job Signed-off-by: Mustafa Kara * Fix Pipeline Code Signed-off-by: Mustafa Kara * Create rules for pipeline Signed-off-by: Mustafa Kara * COnfigure nightly branch Signed-off-by: Mustafa Kara * FIx broken branch name Signed-off-by: Mustafa Kara * Improve makefile to use build type variable Signed-off-by: Mustafa Kara * Fix nightly branch Signed-off-by: Mustafa Kara * Fix makefile Signed-off-by: Mustafa Kara * Fix Makefile Signed-off-by: Mustafa Kara * Install JQ Signed-off-by: Mustafa Kara * Remove need of version dedection Signed-off-by: Mustafa Kara * Fix sign operation Signed-off-by: Mustafa Kara * Create files to prepare signed artifacts Signed-off-by: Mustafa Kara * Create gitlab pipeline to use for desktop builds Signed-off-by: Mustafa Kara * Remove aptly conf Signed-off-by: Mustafa Kara * Sort makefile commands Signed-off-by: Mustafa Kara --- .gitlab-ci.yml | 8 ++++++++ Makefile | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 64 insertions(+) create mode 100644 .gitlab-ci.yml create mode 100644 Makefile diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 00000000..7ffb63d3 --- /dev/null +++ b/.gitlab-ci.yml @@ -0,0 +1,8 @@ +--- + +include: + - project: mattermost/ci/desktop + ref: main + file: private.yml + + diff --git a/Makefile b/Makefile new file mode 100644 index 00000000..14767d58 --- /dev/null +++ b/Makefile @@ -0,0 +1,56 @@ +SIGNER?="origin" + +GPG=$(shell command which gpg || echo "N/A") +DPKG_SIG=$(shell command which dpkg-sig || echo "N/A") + +define sign_debian_package + dpkg-sig -k ${GPG_KEY_ID} --sign ${SIGNER} $1 + dpkg-sig --verify $1 +endef + +.PHONY: check-sign-linux-deb +check-sign-linux-deb: ##Check running environment to sign debian packages +ifeq ("$(GPG)","N/A") + @echo "Path does not contain gpg executable. Consider install!" + @exit 128 +else + @echo "gpg Found in path!" +endif +ifeq ("$(DPKG_SIG)","N/A") + @echo "Path does not contain dpkg_sig executable. Consider install!" + @exit 128 +else + @echo "dpkg_sig Found in path!" +endif +ifndef GPG_KEY_ID + @echo "Please define GPG_KEY_ID environment variable!" + @exit 128 +else + @echo "GPG_KEY_ID is defined" +endif + +.PHONY: npm-ci +npm-ci: ## Install all npm dependencies + PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD=1 npm ci + +.PHONY: package +package: package-linux-deb ## Generates packages for all environments + +.PHONY: package-linux-deb +package-linux-deb: npm-ci ## Generates linux packages under build/linux folder + npm run package:linux-deb + mkdir -p artifacts + find ./release -name '*.deb' -exec cp "{}" artifacts/ \; + + +.PHONY: sign +sign: sign-linux-deb ## Sign packages in artifacts directory + +.PHONY: sign-linux-deb +sign-linux-deb: check-sign-linux-deb ## Sign debian packages + $(foreach file, $(wildcard artifacts/*.deb), $(call sign_debian_package,${file});) + +## Help documentation à la https://marmelab.com/blog/2016/02/29/auto-documented-makefile.html +help: + @grep -E '^[0-9a-zA-Z_-]+:.*?## .*$$' ./Makefile | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}' +