Skip to content
Update Apt Repository

Update Apt Repository #193

Sign in to view logs

Update Apt Repository

Update Apt Repository #193

Workflow file for this run

.github/workflows/update_sign_apt.yaml at 626d538
name: Update Apt Repository
on:
schedule:
- cron: "0 0 * * 0"
workflow_dispatch:
env:
DEBIAN_RELEASES: "stretch buster bullseye"
UBUNTU_RELEASES: "noble jammy xenial bionic focal"
ERLANG_VERSIONS: "24 25 26 27"
ELIXIR_VERSIONS: "1.16 1.15 1.14 1.13 1.12"
MONGOOSEIM_VERSIONS: "5 6"
AWS_REGION: "eu-west-2"
AWS_SOURCE_BUCKET: "esl-erlang"
AWS_DESTINATION_BUCKET: "esl-packages"
AWS_BINARIES_BUCKET: "binaries2.erlang-solutions.com"
ARCHITECTURE: "amd64,arm64"
GPG_PASS: "${{ secrets.GPG_PASS }}"
jobs:
update-repo:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
# Install dependencies required by the scripts
- name: Install Dependencies
run: |
sudo apt-get update
sudo apt-get install -y aptly awscli dpkg-sig gnupg python3-pip zstd
pip3 install boto3
# Configure Credentials for AWS
- name: Set AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: eu-west-2
- id: install-aws-cli
uses: unfor19/[email protected]
with:
version: 2 # default
verbose: false # default
arch: amd64
# Clean files from Destination S3 to avoid metadata issues
- name: Clean previous deb files from destination Bucket
run: |
aws s3 rm s3://$AWS_DESTINATION_BUCKET/debian --recursive
aws s3 rm s3://$AWS_DESTINATION_BUCKET/ubuntu --recursive
# Run the script to create the repositories for ESL-erlang
- name: Create Repositories
run: |
for distro in $DEBIAN_RELEASES $UBUNTU_RELEASES
do
for erlang in $ERLANG_VERSIONS
do
aptly repo create "$distro/esl-erlang-$erlang"
done
done
# Run the script to create the repositories for Elixir
- name: Create Elixir Repositories
run: |
for distro in $DEBIAN_RELEASES $UBUNTU_RELEASES
do
for elixir in $ELIXIR_VERSIONS
do
aptly repo create "$distro/elixir-$elixir"
done
done
# Run the script to create the repositories for MongooseIM
- name: Create Mongoose Repositories
run: |
for distro in $DEBIAN_RELEASES $UBUNTU_RELEASES
do
for mongooseim in $MONGOOSEIM_VERSIONS
do
aptly repo create "$distro/mongooseim-$mongooseim"
done
done
# Download .deb files from S3
- name: Download deb files
run: |
mkdir Packages
aws s3 sync s3://$AWS_SOURCE_BUCKET Packages --exclude "*" --include "*.deb"
# After "Download deb files" step
- name: Handle Zstandard Compression
run: |
for file in $(find Packages -name '*.deb'); do
echo "Processing $file"
mkdir -p temp_dir
cd temp_dir
# Extract .deb package
ar x ../$file
# Check if control.tar.zst exists and decompress
if [ -f control.tar.zst ]; then
echo "$file has a Zstandard compressed control file. Converting..."
# Decompress control.tar.zst to control.tar
unzstd control.tar.zst
# Verify if control.tar exists after decompression
if [ -f control.tar ]; then
# Check the contents of control.tar before extracting
tar -tf control.tar
# Extract files from control.tar only if it contains expected files
if tar -tf control.tar | grep -qE 'control|postinst|preinst|postrm|prerm'; then
# Create directory to extract the contents of control.tar
mkdir -p control_dir
tar -xf control.tar -C control_dir
# Re-compress to control.tar.gz
tar -czf control.tar.gz -C control_dir .
# Re-create the directory structure for the new .deb file
new_file_path="../new_$file"
mkdir -p "$(dirname "$new_file_path")"
# Re-package .deb without .zst, using control.tar.gz
ar rcs "$new_file_path" debian-binary control.tar.gz data.tar.xz
# Replace the original file with the new one
mv "$new_file_path" ../$file
else
echo "Warning: control.tar in $file does not contain expected control files. Skipping."
fi
else
echo "Error: Failed to decompress control.tar.zst in $file"
fi
fi
# Clean up temporary directory
cd ..
rm -rf temp_dir
done
# Run the script to add the packages to the repositories and check sign
- name: Add Packages to Repositories
run: |
for file in $(find Packages -name '*.deb')
do
if [[ "$file" =~ (esl-erlang|elixir|mongooseim)_([0-9]+(\.[0-9]+)*(-[0-9]+)?)(_[0-9]+)?(_otp_[0-9.]+)?~(debian|ubuntu)~([a-z]+)_(amd64|arm64|all)\.deb$ ]]; then
if ! dpkg-sig --verify "$file" >/dev/null 2>&1; then
echo "File $file is not signed. Signing with key $GPG_KEY_ID."
dpkg-sig -g "--no-tty --passphrase $GPG_PASS" -k $GPG_KEY_ID "$file"
fi
if [[ "${BASH_REMATCH[1]}" == "mongooseim" ]]; then
repo_name="${BASH_REMATCH[8]}/${BASH_REMATCH[1]}-${BASH_REMATCH[2]%%.*}"
elif [[ "${BASH_REMATCH[1]}" == "esl-erlang" ]]; then
repo_name="${BASH_REMATCH[8]}/${BASH_REMATCH[1]}-${BASH_REMATCH[2]%%.*}"
elif [[ "${BASH_REMATCH[1]}" == "elixir" ]]; then
repo_name="${BASH_REMATCH[8]}/${BASH_REMATCH[1]}-${BASH_REMATCH[2]%.*}"
fi
aptly repo add --force-replace "$repo_name" "$file"
fi
done
#Configure Aptly
- name: Configure aptly.conf
run: |
echo '{
"S3PublishEndpoints": {
"esl-packages": {
"region": "eu-west-2",
"bucket": "esl-packages",
"awsAccessKeyID": "${{ secrets.AWS_ACCESS_KEY_ID }}",
"awsSecretAccessKey": "${{ secrets.AWS_SECRET_ACCESS_KEY }}",
"awsRegion": "eu-west-2",
"acl": "public-read"
}
}
}' > aptly.conf
sudo mv aptly.conf ~/.aptly.conf
# Retrieve GPG key and passphrase from GitHub Actions secrets
- name: Import keys
run: |
echo "${{ secrets.GPG_P_KEY }}" | tr ';' '\n' > GPG-KEY-pmanager
gpg --batch --import GPG-KEY-pmanager
gpg --batch --list-keys
gpg --batch --output GPG-KEY-pmanager.asc --armor --export ${{ secrets.GPG_KEY_ID }}
aws s3 sync . s3://esl-packages --acl public-read --exclude "*" --include "*.asc" --include "*.json"
# Publish the repositories for ESL-Erlang to S3 Destination
- name: Publish esl-erlang repositories
run: |
for distro in $DEBIAN_RELEASES
do
for erlang in $ERLANG_VERSIONS
do
aptly publish repo -architectures="$ARCHITECTURE" -batch -acquire-by-hash -component="contrib" -distribution="$distro-esl-erlang-$erlang" -gpg-key="${{ secrets.GPG_KEY_ID }}" -passphrase="${{ secrets.GPG_PASS }}" "$distro/esl-erlang-$erlang" s3:$AWS_DESTINATION_BUCKET:debian/
done
done
for distro in $UBUNTU_RELEASES
do
for erlang in $ERLANG_VERSIONS
do
aptly publish repo -architectures="$ARCHITECTURE" -batch -acquire-by-hash -component="contrib" -distribution="$distro-esl-erlang-$erlang" -gpg-key="${{ secrets.GPG_KEY_ID }}" -passphrase="${{ secrets.GPG_PASS }}" "$distro/esl-erlang-$erlang" s3:$AWS_DESTINATION_BUCKET:ubuntu/
done
done
# Publish the repositories for Elixir to S3 Destination
- name: Publish elixir repositories
run: |
for distro in $DEBIAN_RELEASES
do
for elixir in $ELIXIR_VERSIONS
do
aptly publish repo -architectures="$ARCHITECTURE" -batch -acquire-by-hash -component="contrib" -distribution="$distro-elixir-$elixir" -passphrase=""${{ secrets.GPG_PASS }}"" "$distro/elixir-$elixir" s3:$AWS_DESTINATION_BUCKET:debian/
done
done
for distro in $UBUNTU_RELEASES
do
for elixir in $ELIXIR_VERSIONS
do
aptly publish repo -architectures="$ARCHITECTURE" -batch -acquire-by-hash -component="contrib" -distribution="$distro-elixir-$elixir" -passphrase=""${{ secrets.GPG_PASS }}"" "$distro/elixir-$elixir" s3:$AWS_DESTINATION_BUCKET:ubuntu/
done
done
# Publish the repositories for MongooseIM to S3 Destination
- name: Publish MongooseIM Repositories
run: |
for distro in $DEBIAN_RELEASES
do
for mongooseim in $MONGOOSEIM_VERSIONS
do
aptly publish repo -architectures="$ARCHITECTURE" -batch -acquire-by-hash -component="contrib" -distribution="$distro-mongooseim-$mongooseim" -passphrase=""${{ secrets.GPG_PASS }}"" "$distro/mongooseim-$mongooseim" s3:$AWS_DESTINATION_BUCKET:debian/
done
done
for distro in $UBUNTU_RELEASES
do
for mongooseim in $MONGOOSEIM_VERSIONS
do
aptly publish repo -architectures="$ARCHITECTURE" -batch -acquire-by-hash -component="contrib" -distribution="$distro-mongooseim-$mongooseim" -passphrase=""${{ secrets.GPG_PASS }}"" "$distro/mongooseim-$mongooseim" s3:$AWS_DESTINATION_BUCKET:ubuntu/
done
done
# Sync Normalized and Signed Packages to Binaries2
- name: Sync Packages to Binaries2
run: |
aws s3 sync s3://$AWS_DESTINATION_BUCKET s3://AWS_BINARIES_BUCKET