Update Apt Repository #173
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Update Apt Repository | |
| on: | |
| schedule: | |
| - cron: "0 0 * * 0" | |
| workflow_dispatch: | |
| env: | |
| DEBIAN_RELEASES: "stretch buster bullseye" | |
| UBUNTU_RELEASES: "jammy xenial bionic focal" | |
| ERLANG_VERSIONS: "24 25 26" | |
| ELIXIR_VERSIONS: "1.16 1.15 1.14 1.13 1.12" | |
| MONGOOSEIM_VERSIONS: "5 6" | |
| AWS_REGION: "eu-west-2" | |
| AWS_SOURCE_BUCKET: "esl-erlang" | |
| AWS_DESTINATION_BUCKET: "esl-packages" | |
| ARCHITECTURE: "amd64,arm64" | |
| GPG_PASS: "${{ secrets.GPG_PASS }}" | |
| jobs: | |
| update-repo: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v2 | |
| # Install dependencies required by the scripts | |
| - name: Install Dependencies | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y aptly awscli dpkg-sig gnupg python3-pip | |
| pip3 install boto3 | |
| # Configure Credentials for AWS | |
| - name: Set AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: eu-west-2 | |
| - id: install-aws-cli | |
| uses: unfor19/[email protected] | |
| with: | |
| version: 2 # default | |
| verbose: false # default | |
| arch: amd64 | |
| # Clean files from Destination S3 to avoid metadata issues | |
| - name: Clean previous deb files from destination Bucket | |
| run: | | |
| aws s3 rm s3://$AWS_DESTINATION_BUCKET/debian --recursive | |
| aws s3 rm s3://$AWS_DESTINATION_BUCKET/ubuntu --recursive | |
| # Run the script to create the repositories for ESL-erlang | |
| - name: Create Repositories | |
| run: | | |
| for distro in $DEBIAN_RELEASES $UBUNTU_RELEASES | |
| do | |
| for erlang in $ERLANG_VERSIONS | |
| do | |
| aptly repo create "$distro/esl-erlang-$erlang" | |
| done | |
| done | |
| # Run the script to create the repositories for Elixir | |
| - name: Create Elixir Repositories | |
| run: | | |
| for distro in $DEBIAN_RELEASES $UBUNTU_RELEASES | |
| do | |
| for elixir in $ELIXIR_VERSIONS | |
| do | |
| aptly repo create "$distro/elixir-$elixir" | |
| done | |
| done | |
| # Run the script to create the repositories for MongooseIM | |
| - name: Create Mongoose Repositories | |
| run: | | |
| for distro in $DEBIAN_RELEASES $UBUNTU_RELEASES | |
| do | |
| for mongooseim in $MONGOOSEIM_VERSIONS | |
| do | |
| aptly repo create "$distro/mongooseim-$mongooseim" | |
| done | |
| done | |
| # Download .deb files from S3 | |
| - name: Download deb files | |
| run: | | |
| mkdir Packages | |
| aws s3 sync s3://$AWS_SOURCE_BUCKET Packages --exclude "*" --include "*.deb" | |
| # Run the script to add the packages to the repositories and check sign | |
| - name: Add Packages to Repositories | |
| run: | | |
| for file in $(find Packages -name '*.deb') | |
| do | |
| if [[ "$file" =~ (esl-erlang|elixir|mongooseim)_([0-9]+(\.[0-9]+)*(-[0-9]+)?)(_[0-9]+)?(_otp_[0-9.]+)?~(debian|ubuntu)~([a-z]+)_(amd64|arm64|all)\.deb$ ]]; then | |
| if ! dpkg-sig --verify "$file" >/dev/null 2>&1; then | |
| echo "File $file is not signed. Signing with key $GPG_KEY_ID." | |
| dpkg-sig -g "--no-tty --passphrase $GPG_PASS" -k $GPG_KEY_ID "$file" | |
| fi | |
| if [[ "${BASH_REMATCH[1]}" == "mongooseim" ]]; then | |
| repo_name="${BASH_REMATCH[8]}/${BASH_REMATCH[1]}-${BASH_REMATCH[2]%%.*}" | |
| elif [[ "${BASH_REMATCH[1]}" == "esl-erlang" ]]; then | |
| repo_name="${BASH_REMATCH[8]}/${BASH_REMATCH[1]}-${BASH_REMATCH[2]%%.*}" | |
| elif [[ "${BASH_REMATCH[1]}" == "elixir" ]]; then | |
| repo_name="${BASH_REMATCH[8]}/${BASH_REMATCH[1]}-${BASH_REMATCH[2]%.*}" | |
| fi | |
| aptly repo add --force-replace "$repo_name" "$file" | |
| fi | |
| done | |
| #Configure Aptly | |
| - name: Configure aptly.conf | |
| run: | | |
| echo '{ | |
| "S3PublishEndpoints": { | |
| "esl-packages": { | |
| "region": "eu-west-2", | |
| "bucket": "esl-packages", | |
| "awsAccessKeyID": "${{ secrets.AWS_ACCESS_KEY_ID }}", | |
| "awsSecretAccessKey": "${{ secrets.AWS_SECRET_ACCESS_KEY }}", | |
| "awsRegion": "eu-west-2", | |
| "acl": "public-read" | |
| } | |
| } | |
| }' > aptly.conf | |
| sudo mv aptly.conf ~/.aptly.conf | |
| # Retrieve GPG key and passphrase from GitHub Actions secrets | |
| - name: Import keys | |
| run: | | |
| echo "${{ secrets.GPG_P_KEY }}" | tr ';' '\n' > GPG-KEY-pmanager | |
| gpg --batch --import GPG-KEY-pmanager | |
| gpg --batch --list-keys | |
| gpg --batch --output GPG-KEY-pmanager.asc --armor --export ${{ secrets.GPG_KEY_ID }} | |
| aws s3 sync . s3://esl-packages --acl public-read --exclude "*" --include "*.asc" --include "*.json" | |
| # Publish the repositories for ESL-Erlang to S3 Destination | |
| - name: Publish esl-erlang repositories | |
| run: | | |
| for distro in $DEBIAN_RELEASES | |
| do | |
| for erlang in $ERLANG_VERSIONS | |
| do | |
| aptly publish repo -architectures="$ARCHITECTURE" -batch -acquire-by-hash -component="contrib" -distribution="$distro-esl-erlang-$erlang" -gpg-key="${{ secrets.GPG_KEY_ID }}" -passphrase="${{ secrets.GPG_PASS }}" "$distro/esl-erlang-$erlang" s3:$AWS_DESTINATION_BUCKET:debian/ | |
| done | |
| done | |
| for distro in $UBUNTU_RELEASES | |
| do | |
| for erlang in $ERLANG_VERSIONS | |
| do | |
| aptly publish repo -architectures="$ARCHITECTURE" -batch -acquire-by-hash -component="contrib" -distribution="$distro-esl-erlang-$erlang" -gpg-key="${{ secrets.GPG_KEY_ID }}" -passphrase="${{ secrets.GPG_PASS }}" "$distro/esl-erlang-$erlang" s3:$AWS_DESTINATION_BUCKET:ubuntu/ | |
| done | |
| done | |
| # Publish the repositories for Elixir to S3 Destination | |
| - name: Publish elixir repositories | |
| run: | | |
| for distro in $DEBIAN_RELEASES | |
| do | |
| for elixir in $ELIXIR_VERSIONS | |
| do | |
| aptly publish repo -architectures="$ARCHITECTURE" -batch -acquire-by-hash -component="contrib" -distribution="$distro-elixir-$elixir" -passphrase=""${{ secrets.GPG_PASS }}"" "$distro/elixir-$elixir" s3:$AWS_DESTINATION_BUCKET:debian/ | |
| done | |
| done | |
| for distro in $UBUNTU_RELEASES | |
| do | |
| for elixir in $ELIXIR_VERSIONS | |
| do | |
| aptly publish repo -architectures="$ARCHITECTURE" -batch -acquire-by-hash -component="contrib" -distribution="$distro-elixir-$elixir" -passphrase=""${{ secrets.GPG_PASS }}"" "$distro/elixir-$elixir" s3:$AWS_DESTINATION_BUCKET:ubuntu/ | |
| done | |
| done | |
| # Publish the repositories for MongooseIM to S3 Destination | |
| - name: Publish MongooseIM Repositories | |
| run: | | |
| for distro in $DEBIAN_RELEASES | |
| do | |
| for mongooseim in $MONGOOSEIM_VERSIONS | |
| do | |
| aptly publish repo -architectures="$ARCHITECTURE" -batch -acquire-by-hash -component="contrib" -distribution="$distro-mongooseim-$mongooseim" -passphrase=""${{ secrets.GPG_PASS }}"" "$distro/mongooseim-$mongooseim" s3:$AWS_DESTINATION_BUCKET:debian/ | |
| done | |
| done | |
| for distro in $UBUNTU_RELEASES | |
| do | |
| for mongooseim in $MONGOOSEIM_VERSIONS | |
| do | |
| aptly publish repo -architectures="$ARCHITECTURE" -batch -acquire-by-hash -component="contrib" -distribution="$distro-mongooseim-$mongooseim" -passphrase=""${{ secrets.GPG_PASS }}"" "$distro/mongooseim-$mongooseim" s3:$AWS_DESTINATION_BUCKET:ubuntu/ | |
| done | |
| done |