Install pandoc on rockylinux 8 #410
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Builds | |
| on: | |
| push: | |
| pull_request: | |
| release: | |
| tags: | |
| - 'v*' | |
| types: [published] | |
| workflow_dispatch: | |
| jobs: | |
| source_dist: | |
| name: "Source dist" | |
| if: > | |
| github.actor!='dependabot[bot]' && | |
| github.event_name!='pull_request' && | |
| ( github.ref_type=='tag' || github.ref_type=='branch' ) | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Save version info | |
| run: | | |
| git log -1 > ./git.info | |
| - name: Fetch json-parser | |
| run: | | |
| make json-parser/configure | |
| - name: debug | |
| run: "env | sort" | |
| - name: Get tag/branch name | |
| run: | | |
| if [ "$GITHUB_REF_TYPE" = 'branch' ]; then | |
| echo -n "0+branch+$GITHUB_REF_NAME" > /tmp/version | |
| elif [ "$GITHUB_REF_TYPE" = 'tag' ]; then | |
| echo -n "$GITHUB_REF_NAME" > /tmp/version | |
| else | |
| exit 1 | |
| fi | |
| export PWL_VERSION=$(cat /tmp/version | tr -C 'a-zA-Z0-9._+' '_') | |
| echo PWL_VERSION=${PWL_VERSION} >> $GITHUB_ENV | |
| echo SRC_FILE=pam-weblogin-${PWL_VERSION}.source.tar.xz >> $GITHUB_ENV | |
| - name: Create source tarball | |
| run: | | |
| tar -cJ -f /tmp/${SRC_FILE} \ | |
| --transform "s,^\./,pam-weblogin-${PWL_VERSION}/," --sort=name \ | |
| --owner=0 --group=0 --mode=u=rwX,go=rX \ | |
| --exclude-vcs --exclude='**/.github' \ | |
| . | |
| - name: Show what we are shipping | |
| run: | | |
| tar tvJf /tmp/${SRC_FILE} | |
| - name: Create Artifact | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: "dist-source" | |
| path: "/tmp/${{env.SRC_FILE}}" | |
| build_tests: | |
| name: Build tests | |
| if: always() | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - { os: ubuntu-20.04, compiler: gcc, version: 4.8 } | |
| - { os: ubuntu-20.04, compiler: gcc, version: 5 } | |
| - { os: ubuntu-20.04, compiler: gcc, version: 6 } | |
| - { os: ubuntu-20.04, compiler: gcc, version: 7 } | |
| - { os: ubuntu-20.04, compiler: gcc, version: 8 } | |
| - { os: ubuntu-22.04, compiler: gcc, version: 9 } | |
| - { os: ubuntu-22.04, compiler: gcc, version: 10 } | |
| - { os: ubuntu-22.04, compiler: gcc, version: 11 } | |
| - { os: ubuntu-22.04, compiler: gcc, version: 12 } | |
| - { os: ubuntu-22.04, compiler: gcc, version: 13 } | |
| - { os: ubuntu-20.04, compiler: clang, version: 9 } | |
| - { os: ubuntu-20.04, compiler: clang, version: 10 } | |
| - { os: ubuntu-20.04, compiler: clang, version: 11 } | |
| - { os: ubuntu-20.04, compiler: clang, version: 12 } | |
| - { os: ubuntu-22.04, compiler: clang, version: 13 } | |
| - { os: ubuntu-22.04, compiler: clang, version: 14 } | |
| - { os: ubuntu-22.04, compiler: clang, version: 15 } | |
| - { os: ubuntu-22.04, compiler: clang, version: 16 } | |
| - { os: macos-11, compiler: native } | |
| - { os: macos-12, compiler: native } | |
| # set CC to 'cc' for MacOS and the (e.g.) clang-12 for Linux | |
| env: | |
| CC: ${{ matrix.compiler == 'native' && 'cc' || format('{0}-{1}',matrix.compiler,matrix.version) }} | |
| steps: | |
| # - name: Housekeeping | |
| # run: | | |
| # sudo apt-get purge man-db | |
| # if: runner.os == 'Linux' | |
| - name: Add source for old gcc packages (ubuntu 18.04) | |
| run: | | |
| sudo tee "/etc/apt/sources.list.d/bionic.list" << EOF | |
| deb http://azure.archive.ubuntu.com/ubuntu bionic main universe | |
| deb http://azure.archive.ubuntu.com/ubuntu bionic-security main universe | |
| EOF | |
| cat /etc/apt/sources.list | |
| ls -la /etc/apt/sources.list.d | |
| sudo apt update | |
| if: runner.os == 'Linux' && matrix.compiler == 'gcc' && matrix.version < 7 | |
| - name: Install gcc | |
| run: | | |
| sudo add-apt-repository --yes --update ppa:ubuntu-toolchain-r/test | |
| sudo apt-get install --yes gcc-${{matrix.version}} | |
| if: runner.os == 'Linux' && matrix.compiler == 'gcc' | |
| - name: Install clang | |
| run: | | |
| wget https://apt.llvm.org/llvm.sh | |
| sudo bash ./llvm.sh ${{ matrix.version }} | |
| if: runner.os == 'Linux' && matrix.compiler == 'clang' | |
| - name: Show compiler version | |
| run: $CC --version | |
| - name: Install dependencies | |
| run: | | |
| sudo apt-get install --yes libpam0g-dev libcurl4-openssl-dev | |
| if: runner.os == 'Linux' | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Test compilation | |
| run: | | |
| make all | |
| - name: Test make clean | |
| run: | | |
| make clean | |
| make clean | |
| rm -rf json-parser/ | |
| make clean | |
| build_rpm: | |
| name: Build RPMs | |
| needs: | |
| - source_dist | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - { name: "centos7", container: "centos:7" } | |
| - { name: "fedora37", container: "fedora:37" } | |
| - { name: "fedora38", container: "fedora:38" } | |
| - { name: "rockylinux8", container: "rockylinux:8" } | |
| - { name: "rockylinux9", container: "rockylinux:9" } | |
| runs-on: "ubuntu-latest" | |
| steps: | |
| - name: Get tag/branch name | |
| run: | | |
| if [ "$GITHUB_REF_TYPE" = 'branch' ]; then | |
| echo -n "0+branch+$GITHUB_REF_NAME" > /tmp/version | |
| elif [ "$GITHUB_REF_TYPE" = 'tag' ]; then | |
| echo -n "$GITHUB_REF_NAME" > /tmp/version | |
| else | |
| exit 1 | |
| fi | |
| export PWL_VERSION=$(cat /tmp/version | tr -C 'a-zA-Z0-9._+' '_') | |
| echo PWL_VERSION=${PWL_VERSION} >> $GITHUB_ENV | |
| echo SRC_FILE=pam-weblogin-${PWL_VERSION}.source.tar.xz >> $GITHUB_ENV | |
| - name: Fetch source | |
| id: fetch_source | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: "dist-source" | |
| path: "." | |
| - name: Show source-dist | |
| run: | | |
| ls -la ${{steps.fetch_source.outputs.download-path}} | |
| sha1sum ${{steps.fetch_source.outputs.download-path}}/* || true | |
| sha256sum ${{steps.fetch_source.outputs.download-path}}/* || true | |
| - name: Prepare build dir | |
| run: | | |
| mkdir -p rpmbuild/SOURCES | |
| cp -v ${{steps.fetch_source.outputs.download-path}}/${SRC_FILE} rpmbuild/SOURCES | |
| ls -la rpmbuild/SOURCES | |
| tar -xvJ --wildcards --strip-components 1 -f ${{steps.fetch_source.outputs.download-path}}/${SRC_FILE} '*.spec' | |
| - name: Prepare container image | |
| run: > | |
| echo " | |
| FROM ${{matrix.container}} | |
| RUN yum install -y epel-release || true | |
| RUN yum install -y rpm-build | |
| RUN dnf config-manager --set-enabled powertools || true | |
| RUN dfn install -y pandoc || rpm install -y pandoc | |
| COPY pam-weblogin.spec /tmp/pwl.spec | |
| RUN command -v dnf && dnf install -y 'dnf-command(builddep)' || true | |
| RUN command -v dnf && dnf builddep -y /tmp/pwl.spec || yum-builddep -y /tmp/pwl.spec | |
| RUN rm /tmp/pwl.spec | |
| RUN gcc --version | |
| " > Dockerfile; | |
| docker build -f Dockerfile -t pwl-${{matrix.name}} . | |
| - name: build RPM package | |
| run: > | |
| docker run -v `pwd`/rpmbuild:/root/rpmbuild/ \ | |
| -v $(pwd)/pam-weblogin.spec:/pam-weblogin.spec \ | |
| pwl-${{matrix.name}} \ | |
| /bin/sh -c ' | |
| rpmbuild -ba --define "pwl_version ${{env.PWL_VERSION}}" --define "pwl_distro ${{matrix.name}}" pam-weblogin.spec; | |
| rpm -qlp rpmbuild/RPMS/x86_64/*.rpm | |
| ' | |
| - name: debug | |
| run: ls -laR rpmbuild | |
| - name: gather generated rpms | |
| run: | | |
| mkdir results | |
| cp rpmbuild/RPMS/x86_64/*.rpm rpmbuild/SRPMS/*.rpm results/ | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: rpm_${{matrix.name}} | |
| path: "results/*" | |
| build_deb: | |
| name: Build DEBs | |
| needs: | |
| - source_dist | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - { name: "debian12", container: "debian:12" } | |
| - { name: "debian11", container: "debian:11" } | |
| - { name: "debian10", container: "debian:10" } | |
| - { name: "ubuntu2204", container: "ubuntu:22.04" } | |
| runs-on: "ubuntu-latest" | |
| steps: | |
| - name: Install dependencies | |
| run: | | |
| sudo apt-get install --yes pandoc | |
| - name: Get tag/branch name | |
| run: | | |
| if [ "$GITHUB_REF_TYPE" = 'branch' ]; then | |
| echo -n "0+branch+$GITHUB_REF_NAME" > /tmp/version | |
| elif [ "$GITHUB_REF_TYPE" = 'tag' ]; then | |
| echo -n "$GITHUB_REF_NAME" > /tmp/version | |
| else | |
| exit 1 | |
| fi | |
| export PWL_VERSION=$(cat /tmp/version | tr -C 'a-zA-Z0-9.+' '-') | |
| echo PWL_VERSION=${PWL_VERSION} >> $GITHUB_ENV | |
| echo BUILD_DIR=libpam-weblogin_${PWL_VERSION}-${{matrix.name}}-1_amd64 >> $GITHUB_ENV | |
| echo SRC_FILE=pam-weblogin-${PWL_VERSION}.source.tar.xz >> $GITHUB_ENV | |
| echo BUILD_ARCH=$(dpkg-architecture -q DEB_BUILD_MULTIARCH) >> $GITHUB_ENV | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| path: pwl-checkout | |
| - name: Prepare container image | |
| run: > | |
| echo " | |
| FROM ${{matrix.container}} | |
| RUN apt update; apt upgrade -y | |
| RUN apt-get install -y build-essential git libpam0g-dev libcurl4-openssl-dev | |
| RUN gcc --version | |
| " > Dockerfile; | |
| docker build -f Dockerfile -t pwl-${{matrix.name}} . | |
| - name: Build binaries | |
| run: > | |
| docker run -v `pwd`/pwl-checkout:/root/pam-weblogin \ | |
| pwl-${{matrix.name}} \ | |
| /bin/sh -c 'cd /root/pam-weblogin; make' | |
| - name: Debug | |
| run: ls -laR pwl-checkout/src/*.so | |
| - name: Prepare build dir | |
| run: | | |
| mkdir -p ${BUILD_DIR}/DEBIAN | |
| mkdir -p ${BUILD_DIR}/etc/pam.d | |
| mkdir -p ${BUILD_DIR}/lib/${BUILD_ARCH}/security/ | |
| mkdir -p ${BUILD_DIR}/usr/share/doc/pam-weblogin/ | |
| cp pwl-checkout/src/pam_weblogin.so ${BUILD_DIR}/lib/${BUILD_ARCH}/security/pam_weblogin.so | |
| cp pwl-checkout/pam-weblogin.conf.sample ${BUILD_DIR}/etc/pam-weblogin.conf | |
| pandoc pwl-checkout/README.md -t plain > ${BUILD_DIR}/usr/share/doc/pam-weblogin/README | |
| echo "Package: libpam-weblogin | |
| Version: ${PWL_VERSION} | |
| Section: custom | |
| Priority: optional | |
| Architecture: amd64 | |
| Depends: libcurl3-gnutls, libpam0g | |
| Maintainer: SURF <[email protected]> | |
| Description: Pam weblogin module" > ${BUILD_DIR}/DEBIAN/control | |
| cat ${BUILD_DIR}/DEBIAN/control | |
| - name: Build debs in container | |
| run: | | |
| docker run \ | |
| -v `pwd`:/work/ \ | |
| pwl-${{matrix.name}} \ | |
| /bin/sh -c " | |
| cd /work && | |
| dpkg-deb --build --root-owner-group ${BUILD_DIR} | |
| dpkg -c *.deb | |
| " | |
| - name: Gather generated debs | |
| run: | | |
| mkdir results | |
| cp *.deb results/ | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: deb_${{matrix.name}} | |
| path: "results/*" | |
| release: | |
| name: Release | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build_tests | |
| - source_dist | |
| - build_rpm | |
| - build_deb | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Fetch artifacts | |
| id: fetch_artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| path: "artifacts/" | |
| - name: Gather artifacts for release | |
| run: | | |
| mkdir to_release | |
| cp -v artifacts/**/* to_release/ | |
| - name: Create Release | |
| if: "github.ref_type=='tag'" | |
| uses: softprops/action-gh-release@v1 | |
| with: | |
| files: "to_release/*" | |
| - name: Advance latest tag | |
| if: "github.ref_type=='branch'" | |
| uses: EndBug/latest-tag@v1 | |
| with: | |
| ref: "branch+${{github.ref_name}}" | |
| description: "Latest commit in the main branch" | |
| - name: Remove all previous "latest" releases | |
| if: "github.ref_type=='branch'" | |
| uses: dev-drprasad/[email protected] | |
| with: | |
| keep_latest: 0 | |
| delete_tag_pattern: "branch+${{github.ref_name}}" | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Create Release for branch | |
| if: "github.ref_type=='branch'" | |
| uses: softprops/action-gh-release@v1 | |
| with: | |
| name: "Latest from branch ${{github.ref_name}}" | |
| tag_name: "branch+${{github.ref_name}}" | |
| prerelease: true | |
| files: "to_release/*" | |