diff --git a/.github/workflows/on-pr.yml b/.github/workflows/on-pr.yml index a5a8e54cc7..ac5e282e34 100644 --- a/.github/workflows/on-pr.yml +++ b/.github/workflows/on-pr.yml @@ -8,7 +8,7 @@ name: PR on: push: branches: - - legleux/linux_packages + - legleux/build merge_group: types: - checks_requested diff --git a/.github/workflows/reusable-build-pkg.yml b/.github/workflows/reusable-build-pkg.yml index b252b5e100..1f2abef157 100644 --- a/.github/workflows/reusable-build-pkg.yml +++ b/.github/workflows/reusable-build-pkg.yml @@ -21,7 +21,7 @@ jobs: build: name: Build ${{ inputs.pkg_type }} ${{ inputs.arch }} package runs-on: heavy${{ inputs.arch == 'arm64' && '-arm64' || '' }} - container: ghcr.io/xrplf/ci/${{ inputs.pkg_type == 'rpm' && 'rhel-9' || 'debian-bookworm' }}:gcc-12 + container: ghcr.io/xrplf/ci/${{ inputs.pkg_type == 'rpm' && 'rhel-9' || 'ubuntu-jammy' }}:gcc-12 steps: - name: Checkout repository uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 @@ -29,25 +29,29 @@ jobs: - name: Build packages run: | ./pkgs/build.sh - # cp pkgs/rippled-3.0.0-1.x86_64.rpm rippled-3.0.0-1.amd64.rpm - find . -name "*.rpm" - printf '%s\n' \ - "rpm_md5sum=$(rpm -q --queryformat '%{SIGMD5}\n' -p ./rippled-[0-9]*.rpm 2>/dev/null)" \ - "rpm_sha256=$(sha256sum ./rippled-[0-9]*.rpm | awk '{ print $1 }')" \ - > build_vars cat build_vars >> $GITHUB_STEP_SUMMARY + - uses: actions/upload-artifact@v4 + with: + name: ${{ inputs.pkg_type }}-${{ inputs.arch }} + path: | + *.deb + *.ddeb + if-no-files-found: error + if: inputs.pkg_type == 'deb' + - uses: actions/upload-artifact@v4 with: name: ${{ inputs.pkg_type }}-${{ inputs.arch }} path: "*${{ inputs.arch }}.${{ inputs.pkg_type }}" if-no-files-found: error + if: inputs.pkg_type == 'rpm' test: name: Test ${{ inputs.pkg_type }} ${{ inputs.arch }} package needs: build runs-on: heavy${{ inputs.arch == 'arm64' && '-arm64' || '' }} - container: ghcr.io/xrplf/ci/${{ inputs.pkg_type == 'rpm' && 'rhel-9' || 'debian-bookworm' }}:gcc-12 + container: ghcr.io/xrplf/ci/${{ inputs.pkg_type == 'rpm' && 'rhel-9' || 'ubuntu-jammy' }}:gcc-12 steps: - uses: actions/download-artifact@v4 with: @@ -72,28 +76,73 @@ jobs: with: name: ${{ inputs.pkg_type }}-${{ inputs.arch }} - ## Also possibility - # - name: Write passphrase file securely - # run: | - # install -m 600 /dev/null "$RUNNER_TEMP/gpg-pass" - # # newline OK; gpg reads to EOF - # printf '%s\n' "${{ secrets.GPG_PASSPHRASE }}" > "$RUNNER_TEMP/gpg-pass" - name: Sign env: PYTHONUNBUFFERED: 1 GPG_KEY_B64: ${{ secrets.GPG_KEY_B64 }} GPG_KEY_PASS_B64: ${{ secrets.GPG_KEY_PASS_B64 }} run: | - for i in $(find . -maxdepth 1 -type f -name "rippled-[0-9]*.rpm"); do - echo "found $i" - ./pkgs/sign_packages.py $i - done - # find . -name "*.${{ inputs.pkg_type }}" -print0 | xargs -0 -I{} ./pkgs/sign_packages.py "{}" - #find . -maxdepth 1 -name "*.rpm" -print0 | xargs -0 -I{} ./pkgs/sign_packages.py "{}" - #find . -maxdepth 1 -name "*.rpm" -print0 | xargs -0 -I{} echo "found-{}" + if [ "${{ inputs.pkg_type }}" = "rpm" ]; then + for i in $(find . -maxdepth 1 -type f -name "rippled-[0-9]*.rpm"); do + echo "found $i" + ./pkgs/sign_packages.py "$i" + done + elif [ "${{ inputs.pkg_type }}" = "deb" ]; then + for i in $(find . -maxdepth 1 -type f -name "rippled_*.deb"); do + echo "found $i" + ./pkgs/sign_packages.py "$i" + done + fi + + - uses: actions/upload-artifact@v4 + with: + name: signed-rippled-${{ inputs.pkg_type }}-${{ inputs.arch }} + path: | + *.deb + *.ddeb + if-no-files-found: error + if: inputs.pkg_type == 'deb' - uses: actions/upload-artifact@v4 with: name: signed-rippled-${{ inputs.pkg_type }}-${{ inputs.arch }} path: "*${{ inputs.arch }}.${{ inputs.pkg_type }}" if-no-files-found: error + if: inputs.pkg_type == 'rpm' + + docker: + name: Build Docker image + if: inputs.pkg_type == 'deb' + needs: build + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + + - uses: actions/download-artifact@v4 + with: + name: deb-${{ inputs.arch }} + + - uses: docker/setup-buildx-action@v3 + + - uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - uses: docker/metadata-action@v5 + id: meta + with: + images: ghcr.io/${{ github.repository_owner }}/rippled + tags: | + type=ref,event=branch + type=ref,event=tag + type=sha + + - uses: docker/build-push-action@v6 + with: + context: . + file: pkgs/docker/Dockerfile + push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} diff --git a/pkgs/build.sh b/pkgs/build.sh index 024c7ac4db..db6a7829b8 100755 --- a/pkgs/build.sh +++ b/pkgs/build.sh @@ -168,7 +168,7 @@ CHANGELOG printf '%s\n' \ "deb_sha256=$(sha "rippled_${full_version}_amd64.deb")" \ - "dbg_sha256=$(sha "rippled-dbgsym_${full_version}_amd64.deb")" \ + "dbg_sha256=$(sha "rippled-dbgsym_${full_version}_amd64")" \ "rippled_version=${xrpl_version}" \ "rippled_git_hash=${commit}" \ "dpkg_version=${dpkg_version}" \ @@ -199,4 +199,6 @@ fi # "rippled_version=3.0.0" \ # "rippled_git_hash=deadbeef" \ # > build_vars -cp "${build_dir}/"*.$PKG . +cp "${build_dir}/"*.deb . 2>/dev/null || true +cp "${build_dir}/"*.ddeb . 2>/dev/null || true +cp "${build_dir}/"*.rpm . 2>/dev/null || true diff --git a/pkgs/docker/Dockerfile b/pkgs/docker/Dockerfile new file mode 100644 index 0000000000..0b9ca192f2 --- /dev/null +++ b/pkgs/docker/Dockerfile @@ -0,0 +1,24 @@ +FROM ubuntu:jammy + +COPY rippled_*_amd64.deb /tmp/ +RUN apt-get update && \ + apt-get install -y --no-install-recommends /tmp/rippled_*_amd64.deb && \ + rm -f /tmp/*.deb && \ + rm -rf /var/lib/apt/lists/* + +RUN <