| #!/usr/bin/env groovy |
| |
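/**
 * Returns the first snapshot name printed by
 * `aptly snapshot list --sort=time --raw` that starts with "<repository_stem>-".
 *
 * The name is trimmed: `sh(returnStdout: true)` keeps the trailing newline, and
 * callers splice the result into a multi-argument shell command, where an
 * embedded newline would split that command in two.
 *
 * @param repository_stem snapshot name prefix, without the trailing dash. It is
 *        interpolated into a shell command and used as an extended regular
 *        expression, so pass only trusted, constant values.
 * @return the matching snapshot name, never empty
 */
String getLatestSnapshot(repository_stem) {
    // NOTE(review): head -n1 takes the FIRST listed snapshot; confirm that
    // --sort=time lists the newest snapshot first.
    def script = """
        aptly snapshot list --sort=time --raw \
            | grep -E '^${repository_stem}-' \
            | head -n1
    """

    def snapshotName = sh(returnStdout: true, script: script).trim()

    // The pipeline's exit status is head's, so a grep that matched nothing still
    // "succeeds" with empty output. Stop here instead of publishing with a
    // missing snapshot argument.
    if (!snapshotName) {
        error("No aptly snapshot found with prefix '${repository_stem}-'")
    }
    return snapshotName
}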
| |
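/**
 * Returns the contents of a file, read with `cat` inside the current
 * container, with leading and trailing whitespace removed.
 *
 * @param filename path of the file to read
 * @return the trimmed file contents
 */
String getFileContents(filename) {
    // Single-quote the path for the shell (embedded quotes become '\'') so that
    // spaces or shell metacharacters in the name are treated as part of the path
    // rather than as extra arguments or commands. "--" keeps a name that begins
    // with "-" from being parsed as an option.
    def quotedPath = "'" + String.valueOf(filename).replace("'", "'\\''") + "'"
    return sh(returnStdout: true, script: "cat -- ${quotedPath}").trim()
}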
| |
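/**
 * Returns the keygrip of the first secret key listed for release-keyring.gpg.
 *
 * The keyring name is relative, so gpg resolves it against its home directory
 * (the caller sets GNUPGHOME). The keyring must already be unpacked there when
 * this is called.
 *
 * @return the keygrip string, never empty
 */
String getKeygripId() {
    // In gpg's --with-colons output, field 10 of a "grp" record is the keygrip.
    def script = '''
        gpg --no-default-keyring --keyring=release-keyring.gpg --with-colons --list-secret-keys \
            | awk -F: '\$1 == "grp" { print \$10 }' \
            | head -n1
    '''

    // Run the listing once and capture it. The previous extra sh(script: script)
    // call only echoed the same output into the build log.
    def keygrip = sh(returnStdout: true, script: script).trim()

    // An empty value would reach the publish step as "--gpg-key=", leaving the
    // choice of signing key to gpg's defaults. Abort instead.
    if (!keygrip) {
        error("No secret key found in release-keyring.gpg")
    }
    return keygrip
}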
| |
// Paths inside the build pod, plus a per-run unique label so that this run gets
// its own pod.
def workspacePath = "/home/jenkins/workspace"
def buildLabel = "task.publish.unstable-" + UUID.randomUUID()
def sourcePath = workspacePath + "/src"

// Agent container that connects the pod back to Jenkins.
def jnlpContainer = containerTemplate(
    name: 'jnlp',
    image: 'jenkins/jnlp-slave:alpine'
)

// FIXME(jtgans): Get rid of privileged! This is a security risk!
// This container runs in privileged mode while the release signing keyring and
// its passphrase are mounted into the pod (see gpgVolume below).
// NOTE(review): ':latest' combined with alwaysPullImage means each signing run
// executes whatever image the tag points to at that moment. Consider pinning
// the builder by digest (image@sha256:<digest>) so the signing environment is
// reviewable and reproducible.
def debianContainer = containerTemplate(
    name: 'debian',
    image: 'gcr.io/mendel-linux-cloud-infra/mendel-builder:latest',
    command: 'cat',
    args: '',
    ttyEnabled: true,
    privileged: true,
    alwaysPullImage: true
)

// Persistent aptly state (snapshots, published repositories).
def aptlyVolume = persistentVolumeClaim(
    claimName: 'aptly-state',
    mountPath: '/var/lib/aptly'
)

// Kubernetes secret holding the release keyring archive and passphrase file that
// the publish step reads from /var/lib/aptly/keyring.
def gpgVolume = secretVolume(
    secretName: 'mendel-release-credentials',
    mountPath: '/var/lib/aptly/keyring'
)
| |
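// Publishes the "unstable" distribution from a one-off pod:
//   1. unpack the release keyring from the mounted secret into GNUPGHOME,
//   2. look up the snapshots to publish and the signing key's keygrip,
//   3. merge the Debian mirror and core snapshots, then publish the merged
//      snapshot and the BSP snapshot, signed with the release key.
podTemplate(label: buildLabel, containers: [jnlpContainer, debianContainer], volumes: [aptlyVolume, gpgVolume], envVars: []) {
    node(buildLabel) {
        dir(sourcePath) {
            container('debian') {
                sh "cp /etc/aptly.conf ~/.aptly.conf"
                withEnv(['GNUPGHOME=/var/lib/aptly/.gnupg']) {
                    // Unpack the keyring BEFORE asking gpg for the keygrip.
                    // Previously the lookup ran first, so it read whatever an
                    // earlier run had left in .gnupg on the persistent volume
                    // (nothing on a fresh volume, a stale key after the secret
                    // is rotated).
                    // NOTE(review): the unpacked secret key stays on the
                    // aptly-state volume after the job ends. Consider unpacking
                    // to pod-local storage or removing it afterwards; confirm
                    // that no other job relies on it being there.
                    sh '''
                        install -d -m 700 -o root -g root /var/lib/aptly/.gnupg
                        tar -C /var/lib/aptly/.gnupg -zxf /var/lib/aptly/keyring/release-keyring.tar.gz
                        chown -R root:root /var/lib/aptly/.gnupg
                        find /var/lib/aptly/.gnupg -type d -exec chmod 700 '{}' ';'
                        find /var/lib/aptly/.gnupg -type f -exec chmod 600 '{}' ';'
                    '''

                    // sh(returnStdout: true) output can end in a newline. Trim
                    // it here so each name stays a single shell argument.
                    def debianMirrorSnapshotName = getLatestSnapshot('debian-buster').trim()
                    def coreSnapshotName = getLatestSnapshot('core-unstable').trim()
                    def bspSnapshotName = getLatestSnapshot('enterprise-bsp-unstable').trim()
                    // NOTE(review): confirm that a keygrip is the key selector
                    // aptly's --gpg-key expects, as opposed to a key ID or
                    // fingerprint.
                    def keygripId = getKeygripId()

                    // Refuse to publish with a missing input: an empty snapshot
                    // name or key selector would silently change what gets
                    // merged, or which key signs it.
                    if (!debianMirrorSnapshotName || !coreSnapshotName || !bspSnapshotName || !keygripId) {
                        error("Missing snapshot name or signing key; refusing to publish")
                    }

                    def date = new Date()
                    String stamp = date.format("yyyyMMdd-HHmmss")

                    // Pass the computed values through the environment and
                    // expand them quoted inside a non-interpolated script, so
                    // their contents are never parsed as shell syntax.
                    withEnv([
                        "MERGED_SNAPSHOT=core-full-unstable-${stamp}",
                        "DEBIAN_SNAPSHOT=${debianMirrorSnapshotName}",
                        "CORE_SNAPSHOT=${coreSnapshotName}",
                        "BSP_SNAPSHOT=${bspSnapshotName}",
                        "KEYGRIP_ID=${keygripId}"
                    ]) {
                        sh '''
                            mkdir -p /var/lib/aptly/publishes/unstable
                            aptly snapshot merge "$MERGED_SNAPSHOT" "$DEBIAN_SNAPSHOT" "$CORE_SNAPSHOT"
                            aptly publish snapshot --passphrase-file=/var/lib/aptly/keyring/passphrase.txt --gpg-key="$KEYGRIP_ID" --distribution=unstable "$MERGED_SNAPSHOT" filesystem:unstable:unstable
                            aptly publish snapshot --passphrase-file=/var/lib/aptly/keyring/passphrase.txt --gpg-key="$KEYGRIP_ID" --distribution=unstable "$BSP_SNAPSHOT" filesystem:unstable:unstable
                        '''
                    }
                }
            }
        }
    }
}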