PPA Automated Releases #1905

Summary
Jobs
- PPA Releases
Run details
- Usage
- Workflow file

Workflow file for this run

.github/workflows/ppa-automation.yaml at 5291b30

	name: PPA Automated Releases
	on:
	push:
	branches:
	- "releases/[0-9]+.[0-9a-z]+.[0-9a-z]+"
	tags:
	- "v[0-9]+.[0-9a-z]+.[0-9a-z]+"
	schedule:
	- cron: "0 5 * * *"

	jobs:
	ppa-release-candidate:
	name: PPA Releases
	if: github.repository == 'mozilla-mobile/mozilla-vpn-client'
	runs-on: ubuntu-latest
	environment: PPA Automation
	env:
	DEBEMAIL: ${{ github.actor }}@users.noreply.github.com
	DEBFULLNAME: ${{ github.actor }}
	GITREF: ${{ github.ref }}
	steps:
	- name: Checkout sources
	uses: actions/checkout@v4
	with:
	submodules: "recursive"

	- uses: actions/setup-python@v5
	with:
	python-version: "3.9"
	cache: "pip"
	- run: pip install -r requirements.txt

	- name: Install dependencies
	shell: bash
	run: \|
	sudo apt-get update
	sudo apt-get install golang debhelper devscripts dput-ng -y

	- name: Decision
	id: decision
	shell: bash
	run: \|
	git clone --depth 1 -b ubuntu/devel git://git.launchpad.net/ubuntu/+source/distro-info-data
	echo -n "releases=" >> $GITHUB_OUTPUT
	tail -n+2 distro-info-data/ubuntu.csv \| while read -r line; do
	IFS=',' read -ra data <<< "$line"
	now=$(date +%s)
	if [ $(date -d "${data[5]}" +%s) -lt $now ]; then
	echo "Ignoring release ${data[2]} -> eol ${data[5]}"
	continue # Ignore EOL releases
	fi
	if [ $(date -d "${data[4]}" +%s) -gt $((now + 5184000)) ]; then
	echo "Ignoring release ${data[2]} -> unreleased ${data[4]}"
	continue # Ignore releases more than 60 days in the future
	fi
	echo "Targeting release ${data[2]}"
	echo -n "${data[2]} " >> $GITHUB_OUTPUT
	done
	echo "" >> $GITHUB_OUTPUT

	if [[ "$GITREF" == "refs/heads/main" ]]; then
	echo "ppa-url=ppa:okirby/mozilla-vpn-nightly" >> $GITHUB_OUTPUT
	if [[ ! -z $(git rev-list --after="25 hours" ${{github.sha}}) ]]; then
	echo "submit-changes=true" >> $GITHUB_OUTPUT
	fi
	else
	echo "ppa-url=ppa:okirby/mozilla-vpn-testing" >> $GITHUB_OUTPUT
	echo "submit-changes=true" >> $GITHUB_OUTPUT
	fi

	- name: Build source bundle
	shell: bash
	run: ./scripts/linux/script.sh --source --gitref ${{github.ref}}

	- name: Import signing keys
	id: keys
	shell: bash
	env:
	GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
	GPG_PASSWORD: ${{ secrets.GPG_PASSWORD }}
	GNUPGHOME: ${{ runner.temp }}/gnupg-data
	run: \|
	mkdir -m700 $GNUPGHOME
	echo "allow-preset-passphrase" > $GNUPGHOME/gpg-agent.conf
	gpgconf --kill gpg-agent

	echo "$GPG_PRIVATE_KEY" \| gpg --import --batch
	KEYID=$(gpg --with-colons --list-keys \| grep -m1 '^fpr:' \| tr -d [fpr:])
	KEYGRIP=$(gpg --with-colons --with-keygrip --list-keys \| grep -m1 '^grp:' \| tr -d [grp:])
	echo "$GPG_PASSWORD" \| /lib/gnupg2/gpg-preset-passphrase --preset $KEYGRIP

	echo "keyid=$KEYID" >> $GITHUB_OUTPUT

	- name: Push VPN package to Launchpad PPA
	shell: bash
	working-directory: .tmp
	if: ${{ steps.decision.outputs.submit-changes == 'true' }}
	env:
	KEYID: ${{ steps.keys.outputs.keyid }}
	PPA_TARGET_DISTS: ${{ steps.decision.outputs.releases }}
	PPA_URL: ${{ steps.decision.outputs.ppa-url }}
	GNUPGHOME: ${{ runner.temp }}/gnupg-data
	run: \|
	JOB_EXIT_CODE=0
	PACKAGE_DSC_FILE=$(find . -name '*.dsc')
	for dist in ${PPA_TARGET_DISTS}; do
	dpkg-source -x ${PACKAGE_DSC_FILE} $(pwd)/mozillavpn-source/

	PACKAGE_SOURCE_NAME=$(dpkg-parsechangelog -l mozillavpn-source/debian/changelog -S Source)
	PACKAGE_BASE_VERSION=$(dpkg-parsechangelog -l mozillavpn-source/debian/changelog -S Version)
	PACKAGE_DIST_VERSION=${PACKAGE_BASE_VERSION}-${dist}1

	dch -c $(pwd)/mozillavpn-source/debian/changelog -v ${PACKAGE_DIST_VERSION} -D ${dist} "Release for ${dist}"
	(cd mozillavpn-source && dpkg-buildpackage --build=source --sign-key=$KEYID -sa --no-check-builddeps)

	dput $PPA_URL ${PACKAGE_SOURCE_NAME}_${PACKAGE_DIST_VERSION}_source.changes \|\| JOB_EXIT_CODE=1
	rm -rf $(pwd)/mozillavpn-source
	done

	exit $JOB_EXIT_CODE

	- name: Push Keyring package to Launchpad PPA
	shell: bash
	working-directory: linux
	if: startsWith(github.ref, 'refs/heads/') && ${{ steps.decision.outputs.submit-changes == 'true' }}
	env:
	KEYID: ${{ steps.keys.outputs.keyid }}
	PPA_TARGET_DISTS: ${{ steps.decision.outputs.releases }}
	PPA_URL: ${{ steps.decision.outputs.ppa-url }}
	GNUPGHOME: ${{ runner.temp }}/gnupg-data
	run: \|
	JOB_EXIT_CODE=0
	for dist in ${PPA_TARGET_DISTS}; do
	git checkout -- keyring/debian/changelog

	PACKAGE_SOURCE_NAME=$(dpkg-parsechangelog -l keyring/debian/changelog -S Source)
	PACKAGE_BASE_VERSION=$(dpkg-parsechangelog -l keyring/debian/changelog -S Version)
	PACKAGE_DIST_VERSION=${PACKAGE_BASE_VERSION}-${dist}1-build$(date +%Y%m%d%H%M%S)

	dch -c keyring/debian/changelog -v ${PACKAGE_DIST_VERSION} -D ${dist} "Release for ${dist}"
	(cd keyring && dpkg-buildpackage --build=source --sign-key=$KEYID -sa --no-check-builddeps)

	dput $PPA_URL ${PACKAGE_SOURCE_NAME}_${PACKAGE_DIST_VERSION}_source.changes \|\| JOB_EXIT_CODE=1
	done

	exit $JOB_EXIT_CODE

	- name: Uploading sources
	uses: actions/upload-artifact@v4
	if: always()
	with:
	name: Sources
	path: .tmp
	include-hidden-files: true

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

PPA Automated Releases #1905

Workflow file

PPA Automated Releases #1905

Jobs

Run details

Workflow file for this run