Skip to content

Linux packaging

Linux packaging #10

Workflow file for this run

name: Linux packaging
on:
workflow_call:
inputs:
groupId:
description: "Value from the groupId field in pom.xml. i.e. org.liquibase"
required: true
type: string
artifactId:
description: "Value from the artifactId field in pom.xml. i.e. liquibase"
required: true
type: string
version:
description: "Value from the version field in pom.xml. i.e 4.23.0"
type: string
dry_run:
description: 'Flag to indicate if the workflow is triggered to create a dry-run release'
required: false
type: boolean
default: false
dry_run_zip_url:
description: 'URL of the dry-run zip release'
required: false
type: string
dry_run_tar_gz_url:
description: 'URL of the dry-run tar.gz release'
required: false
type: string
secrets:
GPG_SECRET:
description: "GPG_SECRET from the caller workflow"
required: true
GPG_PASSPHRASE:
description: "GPG_PASSPHRASE from the caller workflow"
required: true
GPG_SECRET_KEY_ID:
description: "GPG_SECRET_KEY_ID from the caller workflow"
required: true
workflow_dispatch:
inputs:
groupId:
description: "Value from the groupId field in pom.xml. i.e. org.liquibase"
required: true
type: string
artifactId:
description: "Value from the artifactId field in pom.xml. i.e. liquibase"
required: true
type: string
version:
description: "Value from the version field in pom.xml. i.e 4.23.0"
type: string
dry_run:
description: 'Flag to indicate if the workflow is triggered to create a dry-run release'
required: false
type: boolean
default: false
dry_run_zip_url:
description: 'URL of the dry-run zip release'
required: false
type: string
dry_run_tar_gz_url:
description: 'URL of the dry-run tar.gz release'
required: false
type: string
env:
MAVEN_VERSION: "3.9.5"
jobs:
upload_packages:
name: Upload ${{ inputs.artifactId }} packages
runs-on: ubuntu-22.04
permissions:
id-token: write
contents: read
steps:
- uses: actions/checkout@v4
- name: Checkout OSS Repo
uses: actions/checkout@v4
with:
repository: liquibase/liquibase
- name: Set up Java
uses: actions/setup-java@v4
with:
java-version: "17"
distribution: "temurin"
cache: "maven"
- name: Set up Maven
uses: stCarolas/[email protected]
with:
maven-version: ${{ env.MAVEN_VERSION }}
- name: Set up Ruby
uses: ruby/setup-ruby@v1
with:
ruby-version: 3.1.4
- name: Get Reusable Files
run: |
# Under the src folder is where specific packages files live. The GitHub action inputs will modify the universal package-deb-pom.xml to tell the process which assets to use during the packaging step
mkdir -p $PWD/.github/src/${{ inputs.artifactId }}/deb/control
mkdir -p $PWD/.github/src/${{ inputs.artifactId }}/main/archive
curl -o $PWD/.github/src/${{ inputs.artifactId }}/deb/control/control https://raw.githubusercontent.com/liquibase/build-logic/v0.6.3/src/${{ inputs.artifactId }}/deb/control/control
curl -o $PWD/.github/src/${{ inputs.artifactId }}/deb/control/postinst https://raw.githubusercontent.com/liquibase/build-logic/v0.6.3/src/${{ inputs.artifactId }}/deb/control/postinst
curl -o $PWD/.github/src/${{ inputs.artifactId }}/main/archive/${{ inputs.artifactId }}-env.sh https://raw.githubusercontent.com/liquibase/build-logic/v0.6.3/src/${{ inputs.artifactId }}/main/archive/${{ inputs.artifactId }}-env.sh
curl -o $PWD/.github/package-deb-pom.xml https://raw.githubusercontent.com/liquibase/build-logic/v0.6.3/.github/package-deb-pom.xml
curl -o $PWD/.github/sign_artifact.sh https://raw.githubusercontent.com/liquibase/build-logic/v0.6.3/.github/sign_artifact.sh
chmod +x $PWD/.github/sign_artifact.sh
- name: Import GPG key
id: import_gpg
uses: crazy-max/ghaction-import-gpg@v6
with:
gpg_private_key: ${{ secrets.GPG_SECRET }}
passphrase: ${{ secrets.GPG_PASSPHRASE }}
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_PROD_GITHUB_OIDC_ROLE_ARN_BUILD_LOGIC }}
aws-region: us-east-1
- name: Download ${{ inputs.artifactId }} Release
if: ${{ inputs.dry_run == false }}
run: |
mkdir -p $PWD/.github/target
# Creating deb packages needs to get release assets from somewhere so be sure to follow this pattern in the artifact repo: https://github.com/liquibase/ARTIFACT_ID/releases/download/vVERSION/ARTIFACT_ID-VERSION.tar.gz
wget -q -O $PWD/.github/target/${{ inputs.artifactId }}-${{ inputs.version }}.tar.gz https://github.com/liquibase/${{ inputs.artifactId }}/releases/download/v${{ inputs.version }}/${{ inputs.artifactId }}-${{ inputs.version }}.tar.gz
- name: Build ${{ inputs.artifactId }} deb package
run: |
mvn package -f $PWD/.github/package-deb-pom.xml -DgroupId=${{ inputs.groupId }} -DartifactId=${{ inputs.artifactId }} -Drevision=${{ inputs.version }} -DskipTests
- name: Convert deb to rpm
run: |
sudo apt-get update
sudo apt-get install -y alien
sudo alien --to-rpm --keep-version $PWD/.github/target/${{ inputs.artifactId }}-${{ inputs.version }}.deb
- name: Upload ${{ inputs.artifactId }} rpm package
if: ${{ inputs.dry_run == false }}
run: |
sudo apt-get install -y libcurl4-openssl-dev libbz2-dev libxml2-dev libssl-dev zlib1g-dev pkg-config libglib2.0-dev liblzma-dev libsqlite0-dev libsqlite3-dev librpm-dev libzstd-dev python3 cmake
./.github/sign_artifact.sh ${{ inputs.artifactId }}-${{ inputs.version }}-1.noarch.rpm
mkdir createrepo_folder
cd createrepo_folder
git clone https://github.com/rpm-software-management/createrepo_c
cd createrepo_c
mkdir build
cd build
cmake .. -DWITH_ZCHUNK=NO -DWITH_LIBMODULEMD=NO
make -j
cp src/createrepo_c /opt/createrepo
cd ../../..
mkdir -p $PWD/yum/noarch
aws s3 ls s3://repo.liquibase.com/yum/noarch/ | grep -E '\.rpm$' | awk '{print $4}' | xargs -I {} aws s3 cp s3://repo.liquibase.com/yum/noarch/{} $PWD/yum/noarch
/opt/createrepo -h
/opt/createrepo -dp $PWD/yum/noarch
./.github/sign_artifact.sh $PWD/yum/noarch/repodata/repomd.xml
mv ${{ inputs.artifactId }}-${{ inputs.version }}-1.noarch* $PWD/yum/noarch
aws s3 sync $PWD/yum s3://repo.liquibase.com/yum
- name: Ensure s3 bucket public access is enabled
run: |
aws s3api put-bucket-acl --bucket repo.liquibase.com --grant-read uri=http://acs.amazonaws.com/groups/global/AllUsers