From 612fdff37766ee18a1443be82635156b2f085806 Mon Sep 17 00:00:00 2001 From: Jakob Borg Date: Sun, 24 Nov 2024 21:21:49 +0100 Subject: [PATCH] build: automatically update APT repository on release This uses https://github.com/kastelo/ezapt to generate and sign the archive, and uploads it to blob storage. --- .github/workflows/build-syncthing.yaml | 82 ++++++++++++++++++++++++++ 1 file changed, 82 insertions(+) diff --git a/.github/workflows/build-syncthing.yaml b/.github/workflows/build-syncthing.yaml index 22811ca74..70cd9a9e8 100644 --- a/.github/workflows/build-syncthing.yaml +++ b/.github/workflows/build-syncthing.yaml 
@@ -725,6 +725,88 @@ jobs: with: args: sync objstore:${{ secrets.S3_BUCKET }}/release/${{ env.VERSION }} objstore:${{ secrets.S3_BUCKET }}/release/latest + # + # Push Debian/APT archive + # + + publish-apt: + name: Publish APT + if: (github.event_name == 'push' || github.event_name == 'workflow_dispatch') && (github.ref == 'refs/heads/release' || startsWith(github.ref, 'refs/heads/release-')) + environment: signing + needs: + - basics + - package-debian + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Download packages + uses: actions/download-artifact@v4 + with: + name: debian-packages + path: packages + + - name: Set version + run: | + version=$(go run build.go version) + echo "Version: $version" + echo "VERSION=$version" >> $GITHUB_ENV + + # Decide whether packages should go to stable, candidate or nightly + - name: Prepare packages + run: | + kind=stable + if [[ $VERSION == *-rc.[0-9] ]] ; then + kind=candidate + elif [[ $VERSION == *-* ]] ; then + kind=nightly + fi + echo "Kind: $kind" + mkdir -p packages/syncthing/$kind + mv packages/*.deb packages/syncthing/$kind + + - name: Pull archive + uses: docker://docker.io/rclone/rclone:latest + env: + RCLONE_CONFIG_OBJSTORE_TYPE: s3 + RCLONE_CONFIG_OBJSTORE_PROVIDER: ${{ secrets.S3_PROVIDER }} + RCLONE_CONFIG_OBJSTORE_ACCESS_KEY_ID: ${{ secrets.S3_ACCESS_KEY_ID }} + RCLONE_CONFIG_OBJSTORE_SECRET_ACCESS_KEY: ${{ secrets.S3_SECRET_ACCESS_KEY }} + RCLONE_CONFIG_OBJSTORE_ENDPOINT: ${{ secrets.S3_ENDPOINT }} + RCLONE_CONFIG_OBJSTORE_REGION: ${{ secrets.S3_REGION }} + RCLONE_CONFIG_OBJSTORE_ACL: public-read + with: + args: sync objstore:syncthing-apt/dists dists + + - name: Prepare signing key + run: | + echo "$APT_GPG_KEYRING_BASE64" | base64 -d > keyring.pgp + env: + APT_GPG_KEYRING_BASE64: ${{ secrets.APT_GPG_KEYRING_BASE64 }} + + - name: Update archive + uses: docker://ghcr.io/kastelo/ezapt:latest + with: + args: + --add packages + --dists dists + --keyring 
keyring.pgp + + - name: Push archive + uses: docker://docker.io/rclone/rclone:latest + env: + RCLONE_CONFIG_OBJSTORE_TYPE: s3 + RCLONE_CONFIG_OBJSTORE_PROVIDER: ${{ secrets.S3_PROVIDER }} + RCLONE_CONFIG_OBJSTORE_ACCESS_KEY_ID: ${{ secrets.S3_ACCESS_KEY_ID }} + RCLONE_CONFIG_OBJSTORE_SECRET_ACCESS_KEY: ${{ secrets.S3_SECRET_ACCESS_KEY }} + RCLONE_CONFIG_OBJSTORE_ENDPOINT: ${{ secrets.S3_ENDPOINT }} + RCLONE_CONFIG_OBJSTORE_REGION: ${{ secrets.S3_REGION }} + RCLONE_CONFIG_OBJSTORE_ACL: public-read + with: + args: sync dists -v objstore:syncthing-apt/dists + # # Build and push to Docker Hub #
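Review bot: The three container steps in `publish-apt` (`Pull archive`, `Update archive`, `Push archive`) reference their images by the mutable `:latest` tag, in the one job that holds both the APT signing keyring and the S3 write credentials. Whatever those tags resolve to at release time can read `keyring.pgp` from the shared workspace or change the `dists` tree that gets published. Pin each image by digest and bump it deliberately, e.g. `uses: docker://ghcr.io/kastelo/ezapt@sha256:<digest>` and `uses: docker://docker.io/rclone/rclone@sha256:<digest>` (placeholders for the reviewed digests). The decoded keyring also remains in the workspace while `Push archive` runs, so a step directly after `Update archive` with `if: always()` and `run: rm -f keyring.pgp` would confine it to the signing step. Because `actions/checkout` persists the job token in the checkout by default, adding `persist-credentials: false` under its `with:` keeps that token out of reach of the containers too.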