PPA Automated Releases #1900
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: PPA Automated Releases | |
on: | |
push: | |
branches: | |
- "releases/[0-9]+.[0-9a-z]+.[0-9a-z]+" | |
tags: | |
- "v[0-9]+.[0-9a-z]+.[0-9a-z]+" | |
schedule: | |
- cron: "0 5 * * *" | |
jobs: | |
ppa-release-candidate: | |
name: PPA Releases | |
if: github.repository == 'mozilla-mobile/mozilla-vpn-client' | |
runs-on: ubuntu-latest | |
environment: PPA Automation | |
env: | |
DEBEMAIL: ${{ github.actor }}@users.noreply.github.com | |
DEBFULLNAME: ${{ github.actor }} | |
GITREF: ${{ github.ref }} | |
steps: | |
- name: Checkout sources | |
uses: actions/checkout@v4 | |
with: | |
submodules: "recursive" | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: "3.9" | |
cache: "pip" | |
- run: pip install -r requirements.txt | |
- name: Install dependencies | |
shell: bash | |
run: | | |
sudo apt-get update | |
sudo apt-get install golang debhelper devscripts dput-ng -y | |
- name: Decision | |
id: decision | |
shell: bash | |
run: | | |
git clone --depth 1 -b ubuntu/devel git://git.launchpad.net/ubuntu/+source/distro-info-data | |
echo -n "releases=" >> $GITHUB_OUTPUT | |
tail -n+2 distro-info-data/ubuntu.csv | while read -r line; do | |
IFS=',' read -ra data <<< "$line" | |
now=$(date +%s) | |
if [ $(date -d "${data[5]}" +%s) -lt $now ]; then | |
echo "Ignoring release ${data[2]} -> eol ${data[5]}" | |
continue # Ignore EOL releases | |
fi | |
if [ $(date -d "${data[4]}" +%s) -gt $((now + 5184000)) ]; then | |
echo "Ignoring release ${data[2]} -> unreleased ${data[4]}" | |
continue # Ignore releases more than 60 days in the future | |
fi | |
echo "Targeting release ${data[2]}" | |
echo -n "${data[2]} " >> $GITHUB_OUTPUT | |
done | |
echo "" >> $GITHUB_OUTPUT | |
if [[ "$GITREF" == "refs/heads/main" ]]; then | |
echo "ppa-url=ppa:okirby/mozilla-vpn-nightly" >> $GITHUB_OUTPUT | |
if [[ ! -z $(git rev-list --after="25 hours" ${{github.sha}}) ]]; then | |
echo "submit-changes=true" >> $GITHUB_OUTPUT | |
fi | |
else | |
echo "ppa-url=ppa:okirby/mozilla-vpn-testing" >> $GITHUB_OUTPUT | |
echo "submit-changes=true" >> $GITHUB_OUTPUT | |
fi | |
- name: Build source bundle | |
shell: bash | |
run: ./scripts/linux/script.sh --source --gitref ${{github.ref}} | |
- name: Import signing keys | |
id: keys | |
shell: bash | |
env: | |
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} | |
GPG_PASSWORD: ${{ secrets.GPG_PASSWORD }} | |
GNUPGHOME: ${{ runner.temp }}/gnupg-data | |
run: | | |
mkdir -m700 $GNUPGHOME | |
echo "allow-preset-passphrase" > $GNUPGHOME/gpg-agent.conf | |
gpgconf --kill gpg-agent | |
echo "$GPG_PRIVATE_KEY" | gpg --import --batch | |
KEYID=$(gpg --with-colons --list-keys | grep -m1 '^fpr:' | tr -d [fpr:]) | |
KEYGRIP=$(gpg --with-colons --with-keygrip --list-keys | grep -m1 '^grp:' | tr -d [grp:]) | |
echo "$GPG_PASSWORD" | /lib/gnupg2/gpg-preset-passphrase --preset $KEYGRIP | |
echo "keyid=$KEYID" >> $GITHUB_OUTPUT | |
- name: Push VPN package to Launchpad PPA | |
shell: bash | |
working-directory: .tmp | |
if: ${{ steps.decision.outputs.submit-changes == 'true' }} | |
env: | |
KEYID: ${{ steps.keys.outputs.keyid }} | |
PPA_TARGET_DISTS: ${{ steps.decision.outputs.releases }} | |
PPA_URL: ${{ steps.decision.outputs.ppa-url }} | |
GNUPGHOME: ${{ runner.temp }}/gnupg-data | |
run: | | |
JOB_EXIT_CODE=0 | |
PACKAGE_DSC_FILE=$(find . -name '*.dsc') | |
for dist in ${PPA_TARGET_DISTS}; do | |
dpkg-source -x ${PACKAGE_DSC_FILE} $(pwd)/mozillavpn-source/ | |
PACKAGE_SOURCE_NAME=$(dpkg-parsechangelog -l mozillavpn-source/debian/changelog -S Source) | |
PACKAGE_BASE_VERSION=$(dpkg-parsechangelog -l mozillavpn-source/debian/changelog -S Version) | |
PACKAGE_DIST_VERSION=${PACKAGE_BASE_VERSION}-${dist}1 | |
dch -c $(pwd)/mozillavpn-source/debian/changelog -v ${PACKAGE_DIST_VERSION} -D ${dist} "Release for ${dist}" | |
(cd mozillavpn-source && dpkg-buildpackage --build=source --sign-key=$KEYID -sa --no-check-builddeps) | |
dput $PPA_URL ${PACKAGE_SOURCE_NAME}_${PACKAGE_DIST_VERSION}_source.changes || JOB_EXIT_CODE=1 | |
rm -rf $(pwd)/mozillavpn-source | |
done | |
exit $JOB_EXIT_CODE | |
- name: Push Keyring package to Launchpad PPA | |
shell: bash | |
working-directory: linux | |
if: startsWith(github.ref, 'refs/heads/') && ${{ steps.decision.outputs.submit-changes == 'true' }} | |
env: | |
KEYID: ${{ steps.keys.outputs.keyid }} | |
PPA_TARGET_DISTS: ${{ steps.decision.outputs.releases }} | |
PPA_URL: ${{ steps.decision.outputs.ppa-url }} | |
GNUPGHOME: ${{ runner.temp }}/gnupg-data | |
run: | | |
JOB_EXIT_CODE=0 | |
for dist in ${PPA_TARGET_DISTS}; do | |
git checkout -- keyring/debian/changelog | |
PACKAGE_SOURCE_NAME=$(dpkg-parsechangelog -l keyring/debian/changelog -S Source) | |
PACKAGE_BASE_VERSION=$(dpkg-parsechangelog -l keyring/debian/changelog -S Version) | |
PACKAGE_DIST_VERSION=${PACKAGE_BASE_VERSION}-${dist}1-build$(date +%Y%m%d%H%M%S) | |
dch -c keyring/debian/changelog -v ${PACKAGE_DIST_VERSION} -D ${dist} "Release for ${dist}" | |
(cd keyring && dpkg-buildpackage --build=source --sign-key=$KEYID -sa --no-check-builddeps) | |
dput $PPA_URL ${PACKAGE_SOURCE_NAME}_${PACKAGE_DIST_VERSION}_source.changes || JOB_EXIT_CODE=1 | |
done | |
exit $JOB_EXIT_CODE | |
- name: Uploading sources | |
uses: actions/upload-artifact@v4 | |
if: always() | |
with: | |
name: Sources | |
path: .tmp | |
include-hidden-files: true |