update_sign_yum.yaml
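name: Update Yum Repository

on:
  schedule:
    # Weekly, Sundays at 02:00 (GitHub evaluates cron schedules in UTC).
    - cron: "0 2 * * 0"
  workflow_dispatch:

# No step in this workflow calls the GitHub API or checks out the repository,
# so the automatically issued GITHUB_TOKEN is granted no scopes at all.
permissions: {}

env:
  # Space-separated lists; the shell steps split them on whitespace.
  CENTOS_RELEASES: "7 8"
  ROCKY_RELEASES: "8"
  ERLANG_VERSIONS: "24 25 26 27"
  ELIXIR_VERSIONS: "1.16 1.15 1.14 1.13 1.12"
  MONGOOSEIM_VERSIONS: "5 6"
  AWS_REGION: "eu-west-2"
  # Packages are read from the source bucket, published to the destination
  # bucket, and the destination is finally mirrored to the binaries bucket.
  AWS_SOURCE_BUCKET: "esl-erlang"
  AWS_DESTINATION_BUCKET: "esl-packages"
  AWS_BINARIES_BUCKET: "binaries2.erlang-solutions.com"
  # NOTE(review): ARCHITECTURE is not referenced by any step in this file.
  ARCHITECTURE: "x86_64,noarch"

jobs:
  update-repo:
    runs-on: ubuntu-latest
    steps: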
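# Install the tools the later steps call: the AWS CLI, GnuPG, createrepo_c and rpm.
# rpm is listed explicitly because the key-import, signature-check and signing
# steps invoke it and nothing else in this workflow installs it.
# NOTE(review): dpkg-sig is not referenced by any step in this file.
      - name: Install Dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y awscli dpkg-sig gnupg createrepo-c rpm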
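# Configure the AWS credentials used by every later `aws` call.
# NOTE(review): the action is referenced by the mutable tag v1. Pinning it to the
# full commit SHA of a reviewed release keeps a retagged release from running
# with these credentials.
# NOTE(review): the job authenticates with long-lived access keys held as
# repository secrets. A short-lived role assumed through GitHub OIDC, scoped to
# the three buckets this workflow touches, would limit the damage if the keys leak.
      - name: Set AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          # Read the region from the workflow-level variable so it cannot drift
          # from the region the generated .repo URLs are built with.
          aws-region: ${{ env.AWS_REGION }}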
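# Remove the previously published trees so stale repository metadata does not linger.
# NOTE(review): this deletes the live repositories before the new ones are built
# and uploaded. If any later step fails, centos/ and rockylinux/ stay empty until
# the next successful run; building into a staging prefix and swapping at the end
# would close that window.
      - name: Clean previous RPM files from destination Bucket
        run: |
          # ${VAR:?} aborts the step if the bucket name is unset or empty, rather
          # than handing a malformed URL to a recursive delete.
          aws s3 rm "s3://${AWS_DESTINATION_BUCKET:?}/centos/" --recursive
          aws s3 rm "s3://${AWS_DESTINATION_BUCKET:?}/rockylinux/" --recursive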
# Create an empty repository skeleton for every release / Erlang version pair.
# NOTE(review): CENTOS_RELEASES and ROCKY_RELEASES both contain "8", so CentOS 8
# and Rocky 8 share the local directory 8/ and its contents.
      - name: Create Repositories
        run: |
          # The release and version lists are space-separated, so the unquoted
          # expansions in the loop headers are split on purpose.
          for distro in $CENTOS_RELEASES $ROCKY_RELEASES; do
            for erlang in $ERLANG_VERSIONS; do
              repo_dir="$distro/esl-erlang-$erlang"
              mkdir -p "$repo_dir"
              createrepo_c "$repo_dir"
            done
          done
# Create an empty repository skeleton for every release / Elixir version pair.
      - name: Create Elixir Repositories
        run: |
          # Space-separated lists: the unquoted expansions are split on purpose.
          for distro in $CENTOS_RELEASES $ROCKY_RELEASES; do
            for elixir in $ELIXIR_VERSIONS; do
              repo_dir="$distro/elixir-$elixir"
              mkdir -p "$repo_dir"
              createrepo_c "$repo_dir"
            done
          done
# Create an empty repository skeleton for every release / MongooseIM version pair.
      - name: Create Mongoose Repositories
        run: |
          # Space-separated lists: the unquoted expansions are split on purpose.
          for distro in $CENTOS_RELEASES $ROCKY_RELEASES; do
            for mongooseim in $MONGOOSEIM_VERSIONS; do
              repo_dir="$distro/mongooseim-$mongooseim"
              mkdir -p "$repo_dir"
              createrepo_c "$repo_dir"
            done
          done
# Download every .rpm object from the source bucket into ./Packages.
# NOTE(review): the signing step later signs any package from this bucket whose
# signature check fails, so write access to the source bucket is effectively
# signing authority. Its write policy deserves the same care as the key itself.
      - name: Download RPM files
        run: |
          mkdir Packages
          # Exclude everything, then re-include only RPM packages.
          aws s3 sync "s3://${AWS_SOURCE_BUCKET}" Packages --exclude "*" --include "*.rpm"
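# Import the signing key into GnuPG, export its public half, trust it in the rpm
# database and publish the public key.
# The secrets reach the script through environment variables instead of being
# expanded into the script text: an expression is substituted before bash parses
# the script, so a quote or command substitution inside the value would be
# interpreted as shell code.
# NOTE(review): the public key is uploaded to the bucket root, while the .repo
# files generated later point gpgkey at centos/ and rocky/ sub-paths. Confirm
# which location clients are meant to fetch.
      - name: Import keys
        env:
          GPG_P_KEY: ${{ secrets.GPG_P_KEY }}
          GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }}
        run: |
          # The secret holds the armored key with ';' standing in for newlines.
          # It is piped straight into gpg so the private key is never written to
          # a file in the workspace, where a later upload step could pick it up.
          printf '%s\n' "$GPG_P_KEY" | tr ';' '\n' | gpg --batch --import
          gpg --batch --list-keys
          # ${VAR:?} stops the step if the key id is empty instead of exporting
          # whatever gpg selects for an empty argument.
          gpg --batch --output RPM-GPG-KEY-pmanager.pub --armor --export "${GPG_KEY_ID:?}"
          rpm --import RPM-GPG-KEY-pmanager.pub
          # Upload exactly the exported public key rather than every *.pub file
          # found under the working directory.
          aws s3 cp RPM-GPG-KEY-pmanager.pub "s3://${AWS_DESTINATION_BUCKET}/RPM-GPG-KEY-pmanager.pub" --acl public-read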
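# Check each downloaded package's signature, sign the ones that need it, and move
# them into the matching repository directory.
# NOTE(review): the distribution name (centos|rocky) is matched but not used in
# the target path, so CentOS 8 and Rocky 8 packages land in the same 8/ tree.
# NOTE(review): a package whose existing signature or digest fails verification
# is re-signed with the release key rather than rejected. Consider failing the
# job for anything other than "no signature present".
      - name: Add RPM Packages to Repositories
        env:
          # The log line and the signing call both read $GPG_KEY_ID, which no
          # earlier step exports to this script.
          GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }}
        run: |
          # product_version[_N][_otp_X]~distro~release_arch.rpm
          name_re='(esl-erlang|elixir|mongooseim)_([0-9]+(\.[0-9]+)*(-[0-9]+)?)(_[0-9]+)?(_otp_[0-9.]+)?~(centos|rocky)~([0-9]+)_(x86_64|noarch)\.rpm$'

          # NUL-delimited so a path containing whitespace or glob characters is
          # handled as one file instead of being split by the shell.
          while IFS= read -r -d '' file; do
            [[ "$file" =~ $name_re ]] || continue
            product="${BASH_REMATCH[1]}"
            version="${BASH_REMATCH[2]}"
            release="${BASH_REMATCH[8]}"

            # rpm -K exits 0 for a package with intact digests and no signature,
            # so its exit status cannot tell signed from unsigned. Current rpm
            # releases print "digests signatures OK" only when a signature was
            # present and verified; anything else is treated as needing a signature.
            # NOTE(review): confirm the wording against the rpm version on the runner.
            sig_report="$(rpm -K "$file" || true)"
            printf '%s\n' "$sig_report"
            if [[ "$sig_report" != *"signatures OK"* ]]; then
              echo "File $file is not signed. Signing with key $GPG_KEY_ID."
              # Name the key explicitly instead of relying on rpm's default.
              rpm --define "_gpg_name ${GPG_KEY_ID:?}" --addsign "$file"
            fi

            # Elixir repositories are keyed by major.minor, the others by major.
            case "$product" in
              elixir) series="${version%.*}" ;;
              *) series="${version%%.*}" ;;
            esac
            repo_name="$release/$product-$series"

            # Without this check, mv would rename the package to the missing
            # path instead of placing it inside a repository directory.
            if [[ ! -d "$repo_name" ]]; then
              echo "No repository directory $repo_name for $file" >&2
              exit 1
            fi

            # Move first, then refresh the metadata, so the index includes this file.
            mv "$file" "$repo_name"
            createrepo_c --update "$repo_name"
          done < <(find Packages -name '*.rpm' -print0)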
# Upload whatever is still under ./Packages to the root of the destination bucket.
# NOTE(review): the previous step moves every package it recognises into a
# repository directory, so what remains here are files whose names did not match
# its pattern. They were never signature-checked or signed, yet they are published
# world-readable; confirm that is intended.
      - name: Upload rpm files to S3
        run: |
          aws s3 sync ./Packages/ "s3://${AWS_DESTINATION_BUCKET}" --acl public-read
# Generate the client-side .repo definitions for CentOS and Rocky.
# NOTE(review): baseurl points at the prefix root (…/centos, …/rocky), while the
# publish step uploads repository metadata under <prefix>/<product>-<version>/
# and uses the prefix "rockylinux", not "rocky".
# NOTE(review): gpgkey points at <prefix>/RPM-GPG-KEY-pmanager.pub, but the key
# import step uploads the public key to the bucket root.
# NOTE(review): no step in this file uploads the generated .repo files.
# NOTE(review): gpgcheck=1 covers package signatures only; the repository
# metadata itself is not signed here and repo_gpgcheck is not set.
      - name: Configure yum repository
        run: |
          # write_repo_file FILE REPO_ID DISPLAY_NAME BUCKET_PREFIX
          # Writes one yum repository definition with package signature checking on.
          write_repo_file() {
            local base_url="https://s3-$AWS_REGION.amazonaws.com/$AWS_DESTINATION_BUCKET/$4"
            printf '%s\n' \
              "[$2]" \
              "name=$3" \
              "baseurl=$base_url" \
              "gpgcheck=1" \
              "gpgkey=$base_url/RPM-GPG-KEY-pmanager.pub" \
              "enabled=1" > "$1"
          }

          write_repo_file esl-centos.repo        esl        "ESL Erlang Repository"           centos
          write_repo_file elixir-centos.repo     elixir     "Elixir Repository"               centos
          write_repo_file mongooseim-centos.repo mongooseim "MongooseIM Repository"           centos
          write_repo_file esl-rocky.repo         esl        "ESL Erlang Repository for Rocky" rocky
          write_repo_file elixir-rocky.repo      elixir     "Elixir Repository for Rocky"     rocky
          write_repo_file mongooseim-rocky.repo  mongooseim "MongooseIM Repository for Rocky" rocky
# Refresh the metadata of every local repository and upload it, world-readable.
# NOTE(review): the destination path carries no release number, so the CentOS 7
# and CentOS 8 trees of one product version sync into the same prefix and the
# later sync overwrites the earlier one's repodata. The local directory 8/ is
# also uploaded to both centos/ and rockylinux/.
      - name: Publish repositories
        run: |
          # publish_trees PREFIX RELEASES PRODUCT VERSIONS
          # RELEASES and VERSIONS are space-separated lists, split on purpose.
          publish_trees() {
            local prefix=$1 releases=$2 product=$3 versions=$4
            local distro version repo_dir
            for distro in $releases; do
              for version in $versions; do
                repo_dir="$distro/$product-$version"
                createrepo_c --update "$repo_dir"
                aws s3 sync "$repo_dir" "s3://$AWS_DESTINATION_BUCKET/$prefix/$product-$version" --acl public-read
              done
            done
          }

          publish_trees centos     "$CENTOS_RELEASES" esl-erlang "$ERLANG_VERSIONS"
          publish_trees centos     "$CENTOS_RELEASES" elixir     "$ELIXIR_VERSIONS"
          publish_trees centos     "$CENTOS_RELEASES" mongooseim "$MONGOOSEIM_VERSIONS"
          publish_trees rockylinux "$ROCKY_RELEASES"  esl-erlang "$ERLANG_VERSIONS"
          publish_trees rockylinux "$ROCKY_RELEASES"  elixir     "$ELIXIR_VERSIONS"
          publish_trees rockylinux "$ROCKY_RELEASES"  mongooseim "$MONGOOSEIM_VERSIONS"
# Mirror the whole destination bucket into the binaries bucket.
# NOTE(review): the sync runs without --delete, so objects removed from the
# destination bucket remain in the mirror.
      - name: Sync Packages to Binaries2
        run: |
          aws s3 sync "s3://${AWS_DESTINATION_BUCKET}" "s3://${AWS_BINARIES_BUCKET}"