Skip to content

Commit

Permalink
Tweak conditional publishing for RPMs & DEBs
Browse files Browse the repository at this point in the history
This patch makes a couple changes:

  1. deb archives are not published to apt if they're not the latest
     release ever
  2. both rpm and deb archives are no longer published to yum / apt if
     they contain any pre-release indicator or build metadata
  3. nothing is published if the commit isn't tagged.

Contributes to #8166
  • Loading branch information
wadells committed Dec 20, 2021
1 parent 33b34cb commit d7953d9
Showing 1 changed file with 23 additions and 19 deletions.
42 changes: 23 additions & 19 deletions .drone.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4086,6 +4086,11 @@ clone:
disable: true

steps:
- name: Check if commit is tagged
image: alpine
commands:
- "[ -n ${DRONE_TAG} ] || (echo 'DRONE_TAG is not set. Is the commit tagged?' && exit 1)"

- name: Download artifacts from S3
image: amazon/aws-cli
environment:
Expand Down Expand Up @@ -4239,25 +4244,14 @@ steps:
# NOTE: all mandatory steps for a release promotion need to go BEFORE this
# step, as there is a chance that everything afterwards will be skipped.
#
# this step exits early and skips all remanining steps in the pipeline if the
# tag looks like a pre-release, to avoid publishing RPMs for pre-release builds.
- name: Determine whether RPM/DEB packages should be published to repos
image: docker
# this step exits early and skips all remaining steps in the pipeline if the
# tag looks like a pre-release, to avoid pushing pre-release RPMs and DEBs to
# our yum / apt repos.
- name: Check if tag is prerelease
image: golang:1.17-alpine
commands:
- |
if [ "${DRONE_REPO}" != "gravitational/teleport" ]; then
echo "---> Not publishing ${DRONE_REPO} packages to repos"
exit 78
fi
# length will be 0 after filtering if this is a pre-release, >0 otherwise
FILTERED_TAG_LENGTH=$(echo ${DRONE_TAG} | egrep -v '(alpha|beta|dev|rc)' | wc -c)
if [ $$FILTERED_TAG_LENGTH -eq 0 ]; then
echo "---> ${DRONE_TAG} looks like a pre-release, not publishing packages to repos"
# exit pipeline early with success status
exit 78
else
echo "---> Publishing packages to repos for ${DRONE_TAG}"
fi
- cd build.assets/version-check-prerelease
- go run . -tag ${DRONE_TAG} || (echo '---> Not publishing ${DRONE_REPO} packages to RPM and DEB repos' && exit 78)

- name: Download RPM repo contents
image: amazon/aws-cli
Expand Down Expand Up @@ -4305,6 +4299,16 @@ steps:
commands:
- aws s3 sync /rpmrepo/teleport/ s3://$AWS_S3_BUCKET/teleport/

# This step skips all remaining steps in the pipeline if the tag
# is not the highest semver *ever* released, to avoid publishing DEBs
# that would cause apt users to downgrade. For more info see:
# https://github.com/gravitational/teleport/issues/8166
- name: Check if tag is latest
image: golang:1.17-alpine
commands:
- cd build.assets/version-check-latest
- go run . -tag ${DRONE_TAG} || (echo '---> Not publishing ${DRONE_REPO} packages to DEB repo' && exit 78)

- name: Download DEB repo contents
image: amazon/aws-cli
environment:
Expand Down Expand Up @@ -4455,6 +4459,6 @@ steps:

---
kind: signature
hmac: e8f56ab8915f54bfd514b826b501f7368e30f841f5e79075def8df955cc455cc
hmac: 2b41652e9939b070ee228b8c1491d1441bf9d56cef2fcf66dfa9f8a45a0e7b4a

...

0 comments on commit d7953d9

Please sign in to comment.