name: Linux packaging

# Two triggers with the same six inputs: `workflow_call` lets another workflow
# reuse this one, `workflow_dispatch` lets a maintainer start it by hand.
on:
  workflow_call:
    inputs:
      groupId:
        description: 'Value from the groupId field in pom.xml. i.e. org.liquibase'
        required: true
        type: string
      artifactId:
        # Ends up in file paths and download URLs in the job's shell steps.
        description: 'Value from the artifactId field in pom.xml. i.e. liquibase'
        required: true
        type: string
      version:
        # No `required` key is given for this input.
        description: 'Value from the version field in pom.xml. i.e 4.23.0'
        type: string
      dry_run:
        description: 'Flag to indicate if the workflow is triggered to create a dry-run release'
        required: false
        type: boolean
        default: false
      dry_run_zip_url:
        description: 'URL of the dry-run zip release'
        required: false
        type: string
      dry_run_tar_gz_url:
        description: 'URL of the dry-run tar.gz release'
        required: false
        type: string
    # Secrets a calling workflow has to hand over explicitly.
    # NOTE(review): the job also reads secrets.AWS_PROD_GITHUB_OIDC_ROLE_ARN_BUILD_LOGIC,
    # which is not declared here, so a caller can only supply it through
    # `secrets: inherit`. GPG_SECRET_KEY_ID is declared, but the steps in this
    # listing never reference it. Confirm both are intended.
    secrets:
      GPG_SECRET:
        description: 'GPG_SECRET from the caller workflow'
        required: true
      GPG_PASSPHRASE:
        description: 'GPG_PASSPHRASE from the caller workflow'
        required: true
      GPG_SECRET_KEY_ID:
        description: 'GPG_SECRET_KEY_ID from the caller workflow'
        required: true
  # Manual trigger; the inputs mirror the workflow_call ones one for one.
  workflow_dispatch:
    inputs:
      groupId:
        description: 'Value from the groupId field in pom.xml. i.e. org.liquibase'
        required: true
        type: string
      artifactId:
        description: 'Value from the artifactId field in pom.xml. i.e. liquibase'
        required: true
        type: string
      version:
        description: 'Value from the version field in pom.xml. i.e 4.23.0'
        type: string
      dry_run:
        description: 'Flag to indicate if the workflow is triggered to create a dry-run release'
        required: false
        type: boolean
        default: false
      dry_run_zip_url:
        description: 'URL of the dry-run zip release'
        required: false
        type: string
      dry_run_tar_gz_url:
        description: 'URL of the dry-run tar.gz release'
        required: false
        type: string
# Workflow-level environment, exported to every job and step.
# NOTE(review): MAVEN_VERSION is not referenced by any step in this listing.
env:
  # Quoted so the version is always read as a string, never as a number.
  MAVEN_VERSION: '3.9.5'
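jobs:
  upload_packages:
    name: Upload ${{ inputs.artifactId }} packages
    runs-on: ubuntu-22.04
    # Least privilege for GITHUB_TOKEN: `id-token: write` lets the job request
    # the OIDC token that configure-aws-credentials exchanges for the AWS role;
    # repository contents are only read.
    permissions:
      id-token: write
      contents: read
    # NOTE(review): every `uses:` below points at a mutable major-version tag.
    # This job holds the GPG signing key and production AWS credentials, so
    # pinning each action to a full commit SHA (tag kept in a trailing comment)
    # would stop a moved tag from running with those secrets.
    steps:
      - uses: actions/checkout@v4

      - name: Set up Ruby
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: '3.1.4'

      # Downloads the packaging assets and the signing script from the
      # liquibase/build-logic repository.
      # NOTE(review): v0.6.3 is a tag, which can be moved, and nothing checks
      # the integrity of the downloads; sign_artifact.sh is later executed with
      # the signing key loaded. Consider pinning to a commit SHA and verifying
      # a known checksum of each file.
      - name: Get Reusable Files
        env:
          # The input reaches the script as an environment variable instead of
          # being expanded into the script text, so its value cannot alter the
          # shell commands.
          ARTIFACT_ID: ${{ inputs.artifactId }}
          BUILD_LOGIC_RAW: 'https://raw.githubusercontent.com/liquibase/build-logic/v0.6.3'
        run: |
          set -euo pipefail

          # artifactId becomes part of local paths and of the download URLs:
          # accept only a plain name, so it cannot climb out of .github/src.
          case "$ARTIFACT_ID" in
            '' | . | .. | *[!A-Za-z0-9._-]*)
              echo "artifactId must contain only letters, digits, '.', '_' or '-'" >&2
              exit 1
              ;;
          esac

          # Package-specific files live under the src folder. The GitHub action
          # inputs modify the universal package-deb-pom.xml to tell the process
          # which assets to use during the packaging step.
          base="$PWD/.github"
          src="$base/src/${ARTIFACT_ID}"
          mkdir -p "$src/deb/control" "$src/main/archive"

          fetch() {
            # --fail: an HTTP error aborts the step instead of saving the
            # server's error page as a control file or as the signing script.
            curl --fail --silent --show-error -o "$1" "$BUILD_LOGIC_RAW/$2"
          }

          fetch "$src/deb/control/control" "src/${ARTIFACT_ID}/deb/control/control"
          fetch "$src/deb/control/postinst" "src/${ARTIFACT_ID}/deb/control/postinst"
          fetch "$src/main/archive/${ARTIFACT_ID}-env.sh" "src/${ARTIFACT_ID}/main/archive/${ARTIFACT_ID}-env.sh"
          fetch "$base/package-deb-pom.xml" ".github/package-deb-pom.xml"
          fetch "$base/sign_artifact.sh" ".github/sign_artifact.sh"
          chmod +x "$base/sign_artifact.sh"

      # Loads the private signing key into the runner's keyring. Every later
      # step in this job runs with that key available.
      - name: Import GPG key
        id: import_gpg
        uses: crazy-max/ghaction-import-gpg@v6
        with:
          gpg_private_key: ${{ secrets.GPG_SECRET }}
          passphrase: ${{ secrets.GPG_PASSPHRASE }}

      # Assumes the AWS role through OIDC, so no long-lived access key is stored.
      # NOTE(review): this secret is not declared under on.workflow_call.secrets,
      # so a calling workflow can only provide it with `secrets: inherit`.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_PROD_GITHUB_OIDC_ROLE_ARN_BUILD_LOGIC }}
          aws-region: us-east-1

      # Builds createrepo_c, regenerates the yum metadata from the RPMs already
      # in the bucket, signs repomd.xml and syncs the result back. Skipped on
      # dry runs.
      - name: Upload ${{ inputs.artifactId }} rpm package
        if: ${{ inputs.dry_run == false }}
        run: |
          # pipefail: a failed `aws s3 ls` (or a listing with no .rpm) stops the
          # step here, instead of letting a signed index of an empty repository
          # be synced over the published one.
          set -euo pipefail

          sudo apt-get update
          sudo apt-get install -y \
            libcurl4-openssl-dev libbz2-dev libxml2-dev libssl-dev zlib1g-dev \
            pkg-config libglib2.0-dev liblzma-dev libsqlite0-dev libsqlite3-dev \
            librpm-dev libzstd-dev python3 cmake

          # NOTE(review): this clones and builds whatever the default branch
          # holds at run time, after the signing key and the AWS credentials
          # were loaded. Check out a reviewed tag or commit, and consider
          # building before those two steps run.
          mkdir createrepo_folder
          cd createrepo_folder
          git clone https://github.com/rpm-software-management/createrepo_c
          cd createrepo_c
          mkdir build
          cd build
          cmake .. -DWITH_ZCHUNK=NO -DWITH_LIBMODULEMD=NO
          # Bounded parallelism; a bare `make -j` starts an unlimited number of jobs.
          make -j"$(nproc)"
          cp src/createrepo_c /opt/createrepo
          cd ../../..

          mkdir -p "$PWD/yum/noarch"
          aws s3 ls s3://repo.liquibase.com/yum/noarch/ |
            grep -E '\.rpm$' |
            awk '{print $4}' |
            xargs -I {} aws s3 cp s3://repo.liquibase.com/yum/noarch/{} "$PWD/yum/noarch"
          /opt/createrepo -dp "$PWD/yum/noarch"
          ./.github/sign_artifact.sh "$PWD/yum/noarch/repodata/repomd.xml"
          aws s3 sync "$PWD/yum" s3://repo.liquibase.com/yum

      # Grants READ on the bucket to the AllUsers group. The http:// URI is the
      # fixed AWS identifier of that group, not an address that is fetched.
      # NOTE(review): READ on a bucket ACL lets anyone list the bucket, and
      # put-bucket-acl replaces the existing ACL rather than adding to it. This
      # step also has no `if:`, so it changes the production bucket on dry runs
      # too. A bucket policy allowing only s3:GetObject on the published
      # prefixes would give public downloads without public listing. Confirm
      # the ACL is really what is wanted.
      - name: Ensure s3 bucket public access is enabled
        run: |
          aws s3api put-bucket-acl --bucket repo.liquibase.com --grant-read uri=http://acs.amazonaws.com/groups/global/AllUsers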