Skip to content

reprepro-incoming #1396

reprepro-incoming

reprepro-incoming #1396

Workflow file for this run

name: Deploy Reprepro
on:
workflow_call:
inputs:
incoming:
type: string
required: true
description: Name of incoming deb file
secrets:
GPG_PRIVATE_KEY:
required: false
GPG_PASSPHRASE:
required: false
CF_R2_ACCESS_KEY_ID:
required: false
CF_R2_TOKEN:
required: false
repository_dispatch:
types: [reprepro-incoming]
workflow_dispatch:
inputs:
incoming:
description: Name of incoming deb file
required: true
type: string
# Protect reprepro database using concurrency
concurrency: reprepro
jobs:
reprepro:
name: Deploy debian package
environment: packages.element.io
runs-on: ubuntu-24.04
env:
R2_BUCKET: ${{ vars.R2_BUCKET }}
R2_DB_BUCKET: ${{ vars.R2_DB_BUCKET }}
R2_INCOMING_BUCKET: ${{ vars.R2_INCOMING_BUCKET }}
R2_URL: ${{ vars.CF_R2_S3_API }}
INCOMING_FILE: ${{ inputs.incoming || github.event.client_payload.incoming }}
steps:
- uses: actions/checkout@v3
- name: Fetch deb
run: |
mkdir dist
aws s3 cp "s3://$R2_INCOMING_BUCKET/$INCOMING_FILE" dist/ --endpoint-url $R2_URL --region auto
env:
AWS_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_TOKEN }}
- name: Load GPG key
uses: crazy-max/ghaction-import-gpg@111c56156bcc6918c056dbef52164cfa583dc549 # v5
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.GPG_PASSPHRASE }}
fingerprint: ${{ vars.GPG_FINGERPRINT }}
- name: Install reprepro
run: sudo apt-get install -y reprepro
- name: Fetch database
run: aws s3 cp --recursive "s3://$R2_DB_BUCKET" debian/db/ --endpoint-url "$R2_URL" --region auto
env:
AWS_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_TOKEN }}
- name: Run reprepro
id: reprepro
run: |
set -x
# Find all configured suites which can accept a deb for this architecture, "all" can match all non-source
ARCH=$(dpkg --info "dist/$INCOMING_FILE" | awk '/Architecture/ {print $2}')
echo "arch=$ARCH" >> $GITHUB_OUTPUT
DISTROS=$(reprepro -b debian _listconfidentifiers | grep -v source)
if [[ "$ARCH" != "all" ]]; then
DISTROS=$(echo "$DISTROS" | grep "$ARCH")
fi
echo "$DISTROS" | awk -F "|" '{print $1}' | uniq | while read -r target ; do
reprepro -b debian includedeb "$target" "dist/$INCOMING_FILE"
done
- name: Host repository for testing
uses: Eun/http-server-action@856e467dda36cd5d30e93bd7dd168cf3e1676301 # v1
with:
directory: packages.element.io
port: 8000
- name: Check repository works
run: |
set +x
# Add architecture so apt will download for it
sudo dpkg --add-architecture $ARCH || exit 0
# Copy signing keyring
sudo cp debian/element-io-archive-keyring.gpg /usr/share/keyrings/element-io-archive-keyring.gpg
# Point apt at local apt repo overwriting all default sources
echo "deb [signed-by=/usr/share/keyrings/element-io-archive-keyring.gpg] http://localhost:8000/debian/ default main" | sudo tee /etc/apt/sources.list
# Later ubuntu versions use the `conf.d` approach so we need to remove the default sources
sudo rm -R /etc/apt/sources.list.d/*
sudo apt-get update --allow-insecure-repositories
# Validate the package in the repo quacks like the one we expect
info=$(dpkg --info ../dist/$INCOMING_FILE)
package=$(echo "$info" | grep "Package:" | sed -n 's/ Package: //p')
version=$(echo "$info" | grep "Version:" | sed -n 's/ Version: //p')
apt-cache show "$package" -o=APT::Architecture="$ARCH" | grep "Version: $version"
working-directory: ./packages.element.io
env:
ARCH: ${{ steps.reprepro.outputs.arch }}
- name: Deploy debian repo
run: |
aws s3 cp --recursive packages.element.io/debian/ "s3://$R2_BUCKET/debian" --endpoint-url "$R2_URL" --region auto
env:
AWS_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_TOKEN }}
- name: Store database
run: aws s3 cp --recursive debian/db/ "s3://$R2_DB_BUCKET" --endpoint-url "$R2_URL" --region auto
env:
AWS_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_TOKEN }}
- name: Cleanup incoming
run: aws s3 rm "s3://$R2_INCOMING_BUCKET/$INCOMING_FILE" --endpoint-url "$R2_URL" --region auto
env:
AWS_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_TOKEN }}