Skip to content

PPA Automated Releases #1895

PPA Automated Releases

PPA Automated Releases #1895

name: PPA Automated Releases
on:
push:
branches:
- "releases/[0-9]+.[0-9a-z]+.[0-9a-z]+"
tags:
- "v[0-9]+.[0-9a-z]+.[0-9a-z]+"
schedule:
- cron: "0 5 * * *"
jobs:
ppa-release-candidate:
name: PPA Releases
if: github.repository == 'mozilla-mobile/mozilla-vpn-client'
runs-on: ubuntu-latest
environment: PPA Automation
env:
DEBEMAIL: ${{ github.actor }}@users.noreply.github.com
DEBFULLNAME: ${{ github.actor }}
GITREF: ${{ github.ref }}
steps:
- name: Checkout sources
uses: actions/checkout@v4
with:
submodules: "recursive"
- uses: actions/setup-python@v5
with:
python-version: "3.9"
cache: "pip"
- run: pip install -r requirements.txt
- name: Install dependencies
shell: bash
run: |
sudo apt-get update
sudo apt-get install golang debhelper devscripts dput-ng -y
- name: Decision
id: decision
shell: bash
run: |
git clone --depth 1 -b ubuntu/devel git://git.launchpad.net/ubuntu/+source/distro-info-data
echo -n "releases=" >> $GITHUB_OUTPUT
tail -n+2 distro-info-data/ubuntu.csv | while read -r line; do
IFS=',' read -ra data <<< "$line"
now=$(date +%s)
if [ $(date -d "${data[5]}" +%s) -lt $now ]; then
echo "Ignoring release ${data[2]} -> eol ${data[5]}"
continue # Ignore EOL releases
fi
if [ $(date -d "${data[4]}" +%s) -gt $((now + 5184000)) ]; then
echo "Ignoring release ${data[2]} -> unreleased ${data[4]}"
continue # Ignore releases more than 60 days in the future
fi
echo "Targeting release ${data[2]}"
echo -n "${data[2]} " >> $GITHUB_OUTPUT
done
echo "" >> $GITHUB_OUTPUT
if [[ "$GITREF" == "refs/heads/main" ]]; then
echo "ppa-url=ppa:okirby/mozilla-vpn-nightly" >> $GITHUB_OUTPUT
if [[ ! -z $(git rev-list --after="25 hours" ${{github.sha}}) ]]; then
echo "submit-changes=true" >> $GITHUB_OUTPUT
fi
else
echo "ppa-url=ppa:okirby/mozilla-vpn-testing" >> $GITHUB_OUTPUT
echo "submit-changes=true" >> $GITHUB_OUTPUT
fi
- name: Build source bundle
shell: bash
run: ./scripts/linux/script.sh --source --gitref ${{github.ref}}
- name: Import signing keys
id: keys
shell: bash
env:
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
GPG_PASSWORD: ${{ secrets.GPG_PASSWORD }}
GNUPGHOME: ${{ runner.temp }}/gnupg-data
run: |
mkdir -m700 $GNUPGHOME
echo "allow-preset-passphrase" > $GNUPGHOME/gpg-agent.conf
gpgconf --kill gpg-agent
echo "$GPG_PRIVATE_KEY" | gpg --import --batch
KEYID=$(gpg --with-colons --list-keys | grep -m1 '^fpr:' | tr -d [fpr:])
KEYGRIP=$(gpg --with-colons --with-keygrip --list-keys | grep -m1 '^grp:' | tr -d [grp:])
echo "$GPG_PASSWORD" | /lib/gnupg2/gpg-preset-passphrase --preset $KEYGRIP
echo "keyid=$KEYID" >> $GITHUB_OUTPUT
- name: Push VPN package to Launchpad PPA
shell: bash
working-directory: .tmp
if: ${{ steps.decision.outputs.submit-changes == 'true' }}
env:
KEYID: ${{ steps.keys.outputs.keyid }}
PPA_TARGET_DISTS: ${{ steps.decision.outputs.releases }}
PPA_URL: ${{ steps.decision.outputs.ppa-url }}
GNUPGHOME: ${{ runner.temp }}/gnupg-data
run: |
JOB_EXIT_CODE=0
PACKAGE_DSC_FILE=$(find . -name '*.dsc')
for dist in ${PPA_TARGET_DISTS}; do
dpkg-source -x ${PACKAGE_DSC_FILE} $(pwd)/mozillavpn-source/
PACKAGE_SOURCE_NAME=$(dpkg-parsechangelog -l mozillavpn-source/debian/changelog -S Source)
PACKAGE_BASE_VERSION=$(dpkg-parsechangelog -l mozillavpn-source/debian/changelog -S Version)
PACKAGE_DIST_VERSION=${PACKAGE_BASE_VERSION}-${dist}1
dch -c $(pwd)/mozillavpn-source/debian/changelog -v ${PACKAGE_DIST_VERSION} -D ${dist} "Release for ${dist}"
(cd mozillavpn-source && dpkg-buildpackage --build=source --sign-key=$KEYID -sa --no-check-builddeps)
dput $PPA_URL ${PACKAGE_SOURCE_NAME}_${PACKAGE_DIST_VERSION}_source.changes || JOB_EXIT_CODE=1
rm -rf $(pwd)/mozillavpn-source
done
exit $JOB_EXIT_CODE
- name: Push Keyring package to Launchpad PPA
shell: bash
working-directory: linux
if: startsWith(github.ref, 'refs/heads/') && ${{ steps.decision.outputs.submit-changes == 'true' }}
env:
KEYID: ${{ steps.keys.outputs.keyid }}
PPA_TARGET_DISTS: ${{ steps.decision.outputs.releases }}
PPA_URL: ${{ steps.decision.outputs.ppa-url }}
GNUPGHOME: ${{ runner.temp }}/gnupg-data
run: |
JOB_EXIT_CODE=0
for dist in ${PPA_TARGET_DISTS}; do
git checkout -- keyring/debian/changelog
PACKAGE_SOURCE_NAME=$(dpkg-parsechangelog -l keyring/debian/changelog -S Source)
PACKAGE_BASE_VERSION=$(dpkg-parsechangelog -l keyring/debian/changelog -S Version)
PACKAGE_DIST_VERSION=${PACKAGE_BASE_VERSION}-${dist}1-build$(date +%Y%m%d%H%M%S)
dch -c keyring/debian/changelog -v ${PACKAGE_DIST_VERSION} -D ${dist} "Release for ${dist}"
(cd keyring && dpkg-buildpackage --build=source --sign-key=$KEYID -sa --no-check-builddeps)
dput $PPA_URL ${PACKAGE_SOURCE_NAME}_${PACKAGE_DIST_VERSION}_source.changes || JOB_EXIT_CODE=1
done
exit $JOB_EXIT_CODE
- name: Uploading sources
uses: actions/upload-artifact@v4
if: always()
with:
name: Sources
path: .tmp
include-hidden-files: true