Skip to content
Snippets Groups Projects
Unverified Commit d0e3d621 authored by Maxim Cournoyer's avatar Maxim Cournoyer Committed by Maxim Cournoyer
Browse files

Jenkinsfile: Publish release artifacts for release branches.

Previously, the Jenkinsfile did not publish anything except from the
repositories: tarballs would not get copied to https://dl.jami.net for
the nighty and stable channels, and no commit nor tag would be
published for the release.

This change addresses these shortcomings with the following changes:

1. Tarballs are produced for the nightly and stable channels, and
organized in a sub-directory matching their channel name.
2. Release commits are made to their corresponding
channel (stable/nightly).
3. Stable releases are also tagged with 'YYYYmmdd.$day_commits_count.$commit_id'.

* Jenkinsfile (SSH_PRIVATE_KEY): Remove variable.
(RING_PUBLIC_KEY_FINGERPRINT): Rename to...
(JAMI_PUBLIC_KEY_FINGERPRINT): ... this.
(GIT_USER_EMAIL, SSH_CRED_ID): New variables.
(params.DEPLOY): Fix description.
(Checkout channel branch): New stage.
(Generate release tarball): Also commit and tag.
(Publish release artifacts): New stage to publish conditionally based on the
DEPLOY parameter and the selected channel.
(Sign & deploy packages): Use the 'sshagent' step to setup SSH access.
<--remote-ssh-identity-file>: Remove argument.
* scripts/deploy-packages.sh (package_snap): Simplify.

Change-Id: I9008ecc2a4ef9820dbc96e26c966ae72110d897d
parent 37be4c3b
Branches
No related tags found
No related merge requests found
...@@ -26,14 +26,22 @@ ...@@ -26,14 +26,22 @@
// 2. ws-cleanup plugin // 2. ws-cleanup plugin
// 3. ansicolor plugin // 3. ansicolor plugin
// TODO:
// - GPG-sign release tarballs.
// - GPG-sign release commits.
// - Allow publishing from any node, to avoid relying on a single machine.
// Configuration globals. // Configuration globals.
def SUBMODULES = ['daemon', 'lrc', 'client-gnome', 'client-qt'] def SUBMODULES = ['daemon', 'lrc', 'client-gnome', 'client-qt']
def TARGETS = [:] def TARGETS = [:]
def SSH_PRIVATE_KEY = '/var/lib/jenkins/.ssh/gplpriv'
def REMOTE_HOST = env.SSH_HOST_DL_RING_CX def REMOTE_HOST = env.SSH_HOST_DL_RING_CX
def REMOTE_BASE_DIR = '/srv/repository/ring' def REMOTE_BASE_DIR = '/srv/repository/ring'
def RING_PUBLIC_KEY_FINGERPRINT = 'A295D773307D25A33AE72F2F64CD5FA175348F84' def JAMI_PUBLIC_KEY_FINGERPRINT = 'A295D773307D25A33AE72F2F64CD5FA175348F84'
def SNAPCRAFT_KEY = '/var/lib/jenkins/.snap/key' def SNAPCRAFT_KEY = '/var/lib/jenkins/.snap/key'
def GIT_USER_EMAIL = 'jenkins@jami.net'
def GIT_USER_NAME = 'jenkins'
def GIT_PUSH_URL = 'ssh://jenkins@review.jami.net:29420/jami-project'
def SSH_CRED_ID = '35cefd32-dd99-41b0-8312-0b386df306ff'
pipeline { pipeline {
agent { agent {
...@@ -72,7 +80,10 @@ pipeline { ...@@ -72,7 +80,10 @@ pipeline {
description: 'Whether to build ARM packages.') description: 'Whether to build ARM packages.')
booleanParam(name: 'DEPLOY', booleanParam(name: 'DEPLOY',
defaultValue: false, defaultValue: false,
description: 'Whether and where to deploy packages.') description: 'Whether to deploy packages.')
booleanParam(name: 'PUBLISH',
defaultValue: false,
description: 'Whether to upload tarball and push to git.')
choice(name: 'CHANNEL', choice(name: 'CHANNEL',
choices: 'internal\nnightly\nstable', choices: 'internal\nnightly\nstable',
description: 'The repository channel to deploy to. ' + description: 'The repository channel to deploy to. ' +
...@@ -107,6 +118,28 @@ See https://wiki.savoirfairelinux.com/wiki/Jenkins.jami.net#Configuration_client ...@@ -107,6 +118,28 @@ See https://wiki.savoirfairelinux.com/wiki/Jenkins.jami.net#Configuration_client
} }
} }
stage('Configure Git') {
steps {
sh """git config user.name ${GIT_USER_NAME}
git config user.email ${GIT_USER_EMAIL}
git remote set-url origin ${GIT_PUSH_URL}
"""
}
}
stage('Checkout channel branch') {
when {
expression {
params.CHANNEL != 'internal'
}
}
steps {
sh "git checkout ${params.CHANNEL} " +
'&& git merge --no-commit FETCH_HEAD'
}
}
stage('Fetch submodules') { stage('Fetch submodules') {
steps { steps {
echo 'Initializing submodules ' + SUBMODULES.join(', ') + echo 'Initializing submodules ' + SUBMODULES.join(', ') +
...@@ -119,14 +152,47 @@ See https://wiki.savoirfairelinux.com/wiki/Jenkins.jami.net#Configuration_client ...@@ -119,14 +152,47 @@ See https://wiki.savoirfairelinux.com/wiki/Jenkins.jami.net#Configuration_client
stage('Generate release tarball') { stage('Generate release tarball') {
steps { steps {
sh '''#!/usr/bin/env -S bash -l sh """#!/usr/bin/env -S bash -l
git commit -am "New release."
make portable-release-tarball .tarball-version make portable-release-tarball .tarball-version
''' git tag \$(cat .tarball-version)
"""
stash(includes: '*.tar.gz, .tarball-version', stash(includes: '*.tar.gz, .tarball-version',
name: 'release-tarball') name: 'release-tarball')
} }
} }
stage('Publish release artifacts') {
when {
expression {
params.PUBLISH && params.CHANNEL != 'internal'
}
}
environment {
GIT_SSH_COMMAND = 'ssh -o UserKnownHostsFile=/dev/null ' +
'-o StrictHostKeyChecking=no'
}
steps {
sshagent(credentials: [SSH_CRED_ID]) {
echo "Publishing to git repository..."
// Note: Only stable release tags are published.
script {
if (params.CHANNEL == 'stable') {
sh 'git push --tags'
} else {
sh 'git push'
}
}
echo "Publishing release tarball to https://dl.jami.net..."
sh 'rsync --verbose jami*.tar.gz ' +
"${REMOTE_HOST}:${REMOTE_BASE_DIR}/release/tarballs/" +
"${params.CHANNEL}/"
}
}
}
stage('Build packages') { stage('Build packages') {
environment { environment {
DISABLE_CONTRIB_DOWNLOADS = 'TRUE' DISABLE_CONTRIB_DOWNLOADS = 'TRUE'
...@@ -185,6 +251,7 @@ See https://wiki.savoirfairelinux.com/wiki/Jenkins.jami.net#Configuration_client ...@@ -185,6 +251,7 @@ See https://wiki.savoirfairelinux.com/wiki/Jenkins.jami.net#Configuration_client
} }
steps { steps {
sshagent(credentials: [SSH_CRED_ID]) {
script { script {
TARGETS.each { target -> TARGETS.each { target ->
try { try {
...@@ -205,9 +272,8 @@ See https://wiki.savoirfairelinux.com/wiki/Jenkins.jami.net#Configuration_client ...@@ -205,9 +272,8 @@ See https://wiki.savoirfairelinux.com/wiki/Jenkins.jami.net#Configuration_client
echo "Deploying ${distribution} packages..." echo "Deploying ${distribution} packages..."
sh """scripts/deploy-packages.sh \ sh """scripts/deploy-packages.sh \
--distribution=${distribution} \ --distribution=${distribution} \
--keyid="${RING_PUBLIC_KEY_FINGERPRINT}" \ --keyid="${JAMI_PUBLIC_KEY_FINGERPRINT}" \
--snapcraft-login="${SNAPCRAFT_KEY}" \ --snapcraft-login="${SNAPCRAFT_KEY}" \
--remote-ssh-identity-file="${SSH_PRIVATE_KEY}" \
--remote-repository-location="${REMOTE_HOST}:${REMOTE_BASE_DIR}/${params.CHANNEL}" \ --remote-repository-location="${REMOTE_HOST}:${REMOTE_BASE_DIR}/${params.CHANNEL}" \
--remote-manual-download-location="${REMOTE_HOST}:${REMOTE_BASE_DIR}/manual-${params.CHANNEL}" --remote-manual-download-location="${REMOTE_HOST}:${REMOTE_BASE_DIR}/manual-${params.CHANNEL}"
""" """
...@@ -217,3 +283,4 @@ See https://wiki.savoirfairelinux.com/wiki/Jenkins.jami.net#Configuration_client ...@@ -217,3 +283,4 @@ See https://wiki.savoirfairelinux.com/wiki/Jenkins.jami.net#Configuration_client
} }
} }
} }
}
...@@ -225,14 +225,14 @@ function package_snap() ...@@ -225,14 +225,14 @@ function package_snap()
echo "## deploying snap ##" echo "## deploying snap ##"
echo "####################" echo "####################"
if [[ "${CHANNEL:0:19}" == "internal_experiment" ]]; then if [[ $CHANNEL =~ internal ]]; then
DISTRIBUTION_REPOSITORY_FOLDER=$(realpath repositories)/${DISTRIBUTION} DISTRIBUTION_REPOSITORY_FOLDER=$(realpath repositories)/${DISTRIBUTION}
mkdir -p ${DISTRIBUTION_REPOSITORY_FOLDER} mkdir -p ${DISTRIBUTION_REPOSITORY_FOLDER}
cp packages/${DISTRIBUTION}*/*.snap ${DISTRIBUTION_REPOSITORY_FOLDER}/ cp packages/${DISTRIBUTION}*/*.snap ${DISTRIBUTION_REPOSITORY_FOLDER}/
elif [[ "${CHANNEL:0:7}" == "nightly" ]]; then elif [[ $CHANNEL =~ nightly ]]; then
snapcraft login --with ${SNAPCRAFT_LOGIN} snapcraft login --with ${SNAPCRAFT_LOGIN}
snapcraft push packages/${DISTRIBUTION}*/*.snap --release edge snapcraft push packages/${DISTRIBUTION}*/*.snap --release edge
elif [[ "${CHANNEL:0:6}" == "stable" ]]; then elif [[ $CHANNEL =~ stable ]]; then
snapcraft login --with ${SNAPCRAFT_LOGIN} snapcraft login --with ${SNAPCRAFT_LOGIN}
snapcraft push packages/${DISTRIBUTION}*/*.snap --release stable snapcraft push packages/${DISTRIBUTION}*/*.snap --release stable
fi fi
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment