diff --git a/Jenkinsfile b/Jenkinsfile
index 09dc15ee4efa9532541610f497a70361953e552e..28cb9744d7389b26d700acd4695b2b57b537daba 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -26,14 +26,22 @@
// 2. ws-cleanup plugin
// 3. ansicolor plugin
+// TODO:
+// - GPG-sign release tarballs.
+// - GPG-sign release commits.
+// - Allow publishing from any node, to avoid relying on a single machine.
+
// Configuration globals.
def SUBMODULES = ['daemon', 'lrc', 'client-gnome', 'client-qt']
def TARGETS = [:]
-def SSH_PRIVATE_KEY = '/var/lib/jenkins/.ssh/gplpriv'
def REMOTE_HOST = env.SSH_HOST_DL_RING_CX
def REMOTE_BASE_DIR = '/srv/repository/ring'
-def RING_PUBLIC_KEY_FINGERPRINT = 'A295D773307D25A33AE72F2F64CD5FA175348F84'
+def JAMI_PUBLIC_KEY_FINGERPRINT = 'A295D773307D25A33AE72F2F64CD5FA175348F84'
def SNAPCRAFT_KEY = '/var/lib/jenkins/.snap/key'
+def GIT_USER_EMAIL = 'jenkins@jami.net'
+def GIT_USER_NAME = 'jenkins'
+def GIT_PUSH_URL = 'ssh://jenkins@review.jami.net:29420/jami-project'
+def SSH_CRED_ID = '35cefd32-dd99-41b0-8312-0b386df306ff'
pipeline {
agent {
@@ -72,7 +80,10 @@ pipeline {
description: 'Whether to build ARM packages.')
booleanParam(name: 'DEPLOY',
defaultValue: false,
- description: 'Whether and where to deploy packages.')
+ description: 'Whether to deploy packages.')
+ booleanParam(name: 'PUBLISH',
+ defaultValue: false,
+ description: 'Whether to upload tarball and push to git.')
choice(name: 'CHANNEL',
choices: 'internal\nnightly\nstable',
description: 'The repository channel to deploy to. ' +
@@ -107,6 +118,28 @@ See https://wiki.savoirfairelinux.com/wiki/Jenkins.jami.net#Configuration_client
}
}
+ stage('Configure Git') {
+ steps {
+ sh """git config user.name ${GIT_USER_NAME}
+ git config user.email ${GIT_USER_EMAIL}
+ git remote set-url origin ${GIT_PUSH_URL}
+ """
+ }
+ }
+
+ stage('Checkout channel branch') {
+ when {
+ expression {
+ params.CHANNEL != 'internal'
+ }
+ }
+
+ steps {
+ sh "git checkout ${params.CHANNEL} " +
+ '&& git merge --no-commit FETCH_HEAD'
+ }
+ }
+
stage('Fetch submodules') {
steps {
echo 'Initializing submodules ' + SUBMODULES.join(', ') +
@@ -119,14 +152,47 @@ See https://wiki.savoirfairelinux.com/wiki/Jenkins.jami.net#Configuration_client
stage('Generate release tarball') {
steps {
- sh '''#!/usr/bin/env -S bash -l
- make portable-release-tarball .tarball-version
- '''
+ sh """#!/usr/bin/env -S bash -l
+ git commit -am "New release."
+ make portable-release-tarball .tarball-version
+ git tag \$(cat .tarball-version)
+ """
stash(includes: '*.tar.gz, .tarball-version',
name: 'release-tarball')
}
}
+ stage('Publish release artifacts') {
+ when {
+ expression {
+ params.PUBLISH && params.CHANNEL != 'internal'
+ }
+ }
+
+ environment {
+ GIT_SSH_COMMAND = 'ssh -o UserKnownHostsFile=/dev/null ' +
+ '-o StrictHostKeyChecking=no'
+ }
+
+ steps {
+ sshagent(credentials: [SSH_CRED_ID]) {
+ echo "Publishing to git repository..."
+ // Note: Only stable release tags are published.
+ script {
+ if (params.CHANNEL == 'stable') {
+ sh 'git push --tags'
+ } else {
+ sh 'git push'
+ }
+ }
+ echo "Publishing release tarball to https://dl.jami.net..."
+ sh 'rsync --verbose jami*.tar.gz ' +
+ "${REMOTE_HOST}:${REMOTE_BASE_DIR}/release/tarballs/" +
+ "${params.CHANNEL}/"
+ }
+ }
+ }
+
stage('Build packages') {
environment {
DISABLE_CONTRIB_DOWNLOADS = 'TRUE'
@@ -185,32 +251,33 @@ See https://wiki.savoirfairelinux.com/wiki/Jenkins.jami.net#Configuration_client
}
steps {
- script {
- TARGETS.each { target ->
- try {
- unstash target
- } catch (err) {
- echo "Failed to unstash ${target}, skipping..."
- return
+ sshagent(credentials: [SSH_CRED_ID]) {
+ script {
+ TARGETS.each { target ->
+ try {
+ unstash target
+ } catch (err) {
+ echo "Failed to unstash ${target}, skipping..."
+ return
+ }
}
- }
- def distributionsText = sh(
- script: 'find packages/* -maxdepth 1 -type d -print0 ' +
- '| xargs -0 -n1 basename -z',
- returnStdout: true).trim()
- def distributions = distributionsText.split("\0")
+ def distributionsText = sh(
+ script: 'find packages/* -maxdepth 1 -type d -print0 ' +
+ '| xargs -0 -n1 basename -z',
+ returnStdout: true).trim()
+ def distributions = distributionsText.split("\0")
- distributions.each { distribution ->
- echo "Deploying ${distribution} packages..."
- sh """scripts/deploy-packages.sh \
+ distributions.each { distribution ->
+ echo "Deploying ${distribution} packages..."
+ sh """scripts/deploy-packages.sh \
--distribution=${distribution} \
- --keyid="${RING_PUBLIC_KEY_FINGERPRINT}" \
+ --keyid="${JAMI_PUBLIC_KEY_FINGERPRINT}" \
--snapcraft-login="${SNAPCRAFT_KEY}" \
- --remote-ssh-identity-file="${SSH_PRIVATE_KEY}" \
--remote-repository-location="${REMOTE_HOST}:${REMOTE_BASE_DIR}/${params.CHANNEL}" \
--remote-manual-download-location="${REMOTE_HOST}:${REMOTE_BASE_DIR}/manual-${params.CHANNEL}"
"""
+ }
}
}
}
diff --git a/scripts/deploy-packages.sh b/scripts/deploy-packages.sh
index e6046f3444f897500ac4d12bd01c9178d4eb086e..eeb487c1ed9d6968f9caf6ed2975bff727bd1cd5 100755
--- a/scripts/deploy-packages.sh
+++ b/scripts/deploy-packages.sh
@@ -225,14 +225,14 @@ function package_snap()
echo "## deploying snap ##"
echo "####################"
- if [[ "${CHANNEL:0:19}" == "internal_experiment" ]]; then
+ if [[ $CHANNEL =~ internal ]]; then
DISTRIBUTION_REPOSITORY_FOLDER=$(realpath repositories)/${DISTRIBUTION}
mkdir -p ${DISTRIBUTION_REPOSITORY_FOLDER}
cp packages/${DISTRIBUTION}*/*.snap ${DISTRIBUTION_REPOSITORY_FOLDER}/
- elif [[ "${CHANNEL:0:7}" == "nightly" ]]; then
+ elif [[ $CHANNEL =~ nightly ]]; then
snapcraft login --with ${SNAPCRAFT_LOGIN}
snapcraft push packages/${DISTRIBUTION}*/*.snap --release edge
- elif [[ "${CHANNEL:0:6}" == "stable" ]]; then
+ elif [[ $CHANNEL =~ stable ]]; then
snapcraft login --with ${SNAPCRAFT_LOGIN}
snapcraft push packages/${DISTRIBUTION}*/*.snap --release stable
fi