Chakra_Linux/gtk
1
0
Fork 0
mirror of https://gitdl.cn/https://github.com/chakralinux/gtk.git synced 2025-01-25 02:22:13 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
3308b81716
gtk/.gitlab-ci.yml
AlmAck 3308b81716 [skip-ci] fix YAML syntax
2018-01-06 23:27:27 +01:00

97 lines
2.9 KiB
YAML
Raw Blame History

image: chakralinux/makepkg:latest
variables:
REPODIR: "$CI_PROJECT_DIR"
stages:
- package
- sign
- deploy
before_script:
# The repository build script is run by user 'builder'. The build scripts needs
# to install dependencies using pacman. This requires root permissions.
# (Note: the build script itself can't be run as root, as makepkg would
# complain)
- useradd -m -G users -s /bin/bash builder
- "echo 'builder ALL=(ALL) NOPASSWD: /usr/bin/pacman' >> /etc/sudoers"
#- echo -en "builder ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/10-builder
# SSH setup
# Run ssh-agent (inside the build environment)
- eval $(ssh-agent -s)
# Add the SSH key stored in SSH_PRIVATE_KEY variable to the agent store
- ssh-add <(echo "$SSH_PRIVATE_KEY")
# For Docker builds disable host key checking. Be aware that by adding that
# you are suspectible to man-in-the-middle attacks.
# WARNING: Use this only with the Docker executor, if you use it with shell
# you will overwrite your user's SSH config.
#- mkdir -p ~/.ssh
#- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
# In order to properly check the server's host key, assuming you created the
# SSH_SERVER_HOSTKEYS variable previously, uncomment the following two lines
# instead.
- mkdir -p ~/.ssh
- '[[ -f /.dockerenv ]] && echo "$SSH_SERVER_HOSTKEYS" > ~/.ssh/known_hosts'
- echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
- chmod 600 ~/.ssh/id_rsa && chmod 700 ~/.ssh
# GPG setup
- gpg -v --batch --import <(echo "$GPG_PRIVATE_KEY")
- echo "allow-loopback-pinentry" > ~/.gnupg/gpg-agent.conf
- gpg-connect-agent reloadagent /bye
# setup basic environment settings, as root
- .build-bin/prepare.sh
# import pgp keys flagged as valid
- sudo -u builder -E -H .build-bin/import-validpgpkeys.sh
build_repo:
stage: package
script:
# the build script can't be run as root, as makepkg would complain...
- sudo -u builder -E -H .build-bin/build.sh
artifacts:
# expire artifacts per default - the gitlab web frontend can be used to keep
# artifacts of interest for an unlimited time
expire_in: 1 week
paths:
- ./*.pkg.tar.xz
name: "$CI_BUILD_NAME"
cache:
paths:
- /var/cache/pacman/pkg
tags:
- PKGBUILD
sign_pkgs:
stage: sign
script:
- for pkg in $(find . -type f | grep ".pkg.tar.xz"); do echo "signing $pkg" && echo "$GPG_PASSWORD" | gpg -sb --pinentry-mode loopback --passphrase-fd 0 $pkg; done
artifacts:
# expire artifacts per default - the gitlab web frontend can be used to keep
# artifacts of interest for an unlimited time
expire_in: 1 week
paths:
- ./*.pkg.tar.xz.sig
name: "$CI_BUILD_NAME"
tags:
- signature
deploy_repo:
stage: deploy
variables:
DEPLOY_SERVER: "$DEPLOY_SERVER"
SSH_USER: "$SSH_USER"
SSH_PORT: "$SSH_PORT"
environment: staging-repo
script:
- .build-bin/deploy.sh
when: manual
tags:
- rsync
Reference in New Issue View Git Blame Copy Permalink