From 3f703d1c1b88939578b5ecf01d2aa6029ae9d393 Mon Sep 17 00:00:00 2001
From: Erik Moeller
Date: Mon, 25 Mar 2024 21:31:55 -0700
Subject: [PATCH] Remove CI job to check for Tor package updates

Migrated to GitHub Actions in securedrop-apt-test repository
---
 .circleci/config.yml | 35 ---------------------
 scripts/new-tor-issue | 72 -------------------------------------------
 2 files changed, 107 deletions(-)
 delete mode 100755 scripts/new-tor-issue

diff --git a/.circleci/config.yml b/.circleci/config.yml
index c2bff930..8dfe65b4 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -65,40 +65,6 @@ jobs:
 chown ci:root -R .
 sudo -u ci bash -c "source .venv/bin/activate && pytest -vvs tests/test_reproducible_wheels.py"
- reprepro-update-tor:
- docker:
- - image: debian:bullseye-backports
- steps:
- - checkout
- - *addsshkeys
- - run:
- name: clone and run reprepro update
- command: |
- apt-get update
- apt-get install -y reprepro ca-certificates dctrl-tools git git-lfs openssh-client \
- gh python3
-
- # Clone the dev repo and configure it
- git clone git@github.com:freedomofpress/securedrop-apt-test.git
- cd securedrop-apt-test
- git lfs install
- git config user.email "securedrop@freedom.press"
- git config user.name "sdcibot"
-
- # Import the Tor repo signing key
- gpg --import repo/conf/updates-keys/*.gpg
- # Run reprepro update, skip export since we just want the debs (and we don't have
- # the repo signing key anyways)
- REPREPRO_BASE_DIR=repo reprepro --export=never update
-
- # Move the new packages over, intentionally leaving the old ones around
- mv repo/pool/main/t/tor/*.deb core/focal/
- git add core/focal/*.deb
- # If there are changes, diff-index will fail, so we commit and push
- git diff-index --quiet HEAD || (git commit -m "Automatically updating Tor packages" \
- && git push origin main && ../scripts/new-tor-issue)
-
-
 build-rpm:
 parameters:
 package:
@@ -179,7 +145,6 @@ workflows:
 only:
 - main
 jobs:
- - reprepro-update-tor
 - build-rpm:
 matrix:
 parameters:
diff --git a/scripts/new-tor-issue b/scripts/new-tor-issue
deleted file mode 100755
index b6eb9dc2..00000000
--- a/scripts/new-tor-issue
+++ /dev/null
@@ -1,72 +0,0 @@
-#!/usr/bin/env python3
-"""
-Creates a new issue to track Tor updates or appends a comment
-to any existing issues
-"""
-
-import json
-import random
-import subprocess
-import tempfile
-
-REPOSITORY = "freedomofpress/securedrop"
-# TODO: Add more
-SALUTATIONS = ["Aloha", "Bonjour", "Ciao", "Dear human overlords"]
-TEMPLATE = """\
-{salutation},
-
-A new Tor update is available.
-
-Details should be available on the [Tor forum](https://forum.torproject.net/c/news/tor-release-announcement/28).
-
Here is the commit I just pushed to -apt-test: - -```diff -{patch} -``` -
-
-* [x] CI adds new packages to apt-test
-* [ ] Install tor, tor-geoipdb packages from apt-test on a prod
- install and let them sit overnight
-* [ ] Verify that tor is still running after reboot, services
- available, no errors or unexpected messages in logs
-* [ ] Submit a PR to `securedrop-apt-prod` to deploy
- the same packages
-
-P.S. This issue was created by `scripts/new-tor-issue` via the CI job `reprepro-update-tor`.
-"""
-TITLE = "New Tor update available"
-
-
-def main():
- patch = subprocess.check_output(["git", "format-patch", "HEAD~1", "--stdout"]).decode().strip()
- # Query open issues to see if there's a task already open
- existing = json.loads(subprocess.check_output(
- ["gh", "issue", "list", "-R", REPOSITORY,
- "-S", TITLE, "--json", "title,number"]
- ))
- with tempfile.TemporaryFile("w") as message:
- message.write(TEMPLATE.format(salutation=random.choice(SALUTATIONS), patch=patch))
- message.seek(0)
- for issue in existing:
- # Looks like there's already an open issue
- if issue["title"] == TITLE:
- subprocess.run(
- ["gh", "issue", "comment", "-R", REPOSITORY,
- str(issue["number"]), "-F", "-"],
- stdin=message, check=True
- )
- return
-
- # Create a new issue
- subprocess.run(
- ["gh", "issue", "create", "-R", REPOSITORY,
- "--title", TITLE, "-F", "-"],
- stdin=message, check=True
- )
-
-
-if __name__ == "__main__":
- main()