From f996ac535f0572d4bf86e58df2356da14c606a2f Mon Sep 17 00:00:00 2001 From: peeweep Date: Thu, 23 Dec 2021 08:13:30 +0000 Subject: [PATCH] v1 --- .github/workflows/release-docker.yml | 42 ++++++++++++++ .github/workflows/release-pbuilder.yml | 18 ++++++ Dockerfile | 9 +++ README.md | 57 +++++++++++++++++++ README_zh.md | 57 +++++++++++++++++++ common/in_pbuilder/etc/apt/apt.conf | 2 + common/scripts/build-package.sh | 6 ++ common/scripts/change-version.sh | 24 ++++++++ common/scripts/prepare-pbuilder.sh | 11 ++++ entrypoint.sh | 18 ++++++ mkpbuilder/etc/pbuilderrc | 11 ++++ mkpbuilder/scripts/build-pbuilder-tgz.sh | 9 +++ .../cache/pbuilder/hook.d/D10deepin-keyring | 6 ++ repos/buster/in_pbuilder/etc/apt/sources.list | 1 + repos/deepin/in_pbuilder/etc/apt/sources.list | 1 + 15 files changed, 272 insertions(+) create mode 100644 .github/workflows/release-docker.yml create mode 100644 .github/workflows/release-pbuilder.yml create mode 100644 Dockerfile create mode 100644 README.md create mode 100644 README_zh.md create mode 100644 common/in_pbuilder/etc/apt/apt.conf create mode 100755 common/scripts/build-package.sh create mode 100755 common/scripts/change-version.sh create mode 100755 common/scripts/prepare-pbuilder.sh create mode 100755 entrypoint.sh create mode 100644 mkpbuilder/etc/pbuilderrc create mode 100755 mkpbuilder/scripts/build-pbuilder-tgz.sh create mode 100755 mkpbuilder/var/cache/pbuilder/hook.d/D10deepin-keyring create mode 100644 repos/buster/in_pbuilder/etc/apt/sources.list create mode 100644 repos/deepin/in_pbuilder/etc/apt/sources.list diff --git a/.github/workflows/release-docker.yml b/.github/workflows/release-docker.yml new file mode 100644 index 0000000..5d89160 --- /dev/null +++ b/.github/workflows/release-docker.yml @@ -0,0 +1,42 @@ +name: Publish Docker + +on: + push: + tags: + - 'v*' + +env: + REGISTRY: ghcr.io + IMAGE_NAME: linuxdeepin/deepin-github + +jobs: + build: + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + + steps: + - name: Checkout repository + uses: actions/checkout@v2 + + - name: Log in to the Container registry + uses: docker/login-action@v1 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@v2 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + + - name: Build and push Docker image + uses: docker/build-push-action@v2 + with: + context: . + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} diff --git a/.github/workflows/release-pbuilder.yml b/.github/workflows/release-pbuilder.yml new file mode 100644 index 0000000..a7a9a61 --- /dev/null +++ b/.github/workflows/release-pbuilder.yml @@ -0,0 +1,18 @@ +name: Publish Pbuilder + +on: + push: + tags: + - 'v*' + +jobs: + build: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@master + - name: Build Pbuilder + run: mkpbuilder/scripts/build-pbuilder-tgz.sh + - name: Upload release artifacts + uses: softprops/action-gh-release@v1 + with: + files: pbuilder.tgz diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..50833ea --- /dev/null +++ b/Dockerfile @@ -0,0 +1,9 @@ +FROM debian:sid-slim +RUN apt update +RUN apt install -y sudo pbuilder devscripts ca-certificates + +COPY entrypoint.sh /entrypoint.sh +ADD common /app/common +ADD repos /app/repos + +ENTRYPOINT ["/entrypoint.sh"] diff --git a/README.md b/README.md new file mode 100644 index 0000000..81fe9b2 --- /dev/null +++ b/README.md @@ -0,0 +1,57 @@ +# Deepin Pbuilder Docker Image + +[简体中文](./README_zh.md) + +## What is this + +This is a docker image for build Debian package. + +[![Publish Docker](https://github.com/linuxdeepin/deepin-github/actions/workflows/release-docker.yml/badge.svg)](https://github.com/linuxdeepin/deepin-github/actions/workflows/release-docker.yml) +[![Publish Pbuilder](https://github.com/linuxdeepin/deepin-github/actions/workflows/release-pbuilder.yml/badge.svg)](https://github.com/linuxdeepin/deepin-github/actions/workflows/release-pbuilder.yml) + +## How to use this in Github Actions + +create Github Action YAML file `.github/workflows/pr.yml`: + +``` yaml +on: [pull_request] + +jobs: + build: + runs-on: ubuntu-latest + container: + image: ghcr.io/linuxdeepin/deepin-github:latest + options: --privileged + steps: + - uses: actions/checkout@v2 + - run: /entrypoint.sh +``` + +Use deepin-community repository by default, we can use `/entrypoint.sh reponame` to special which repo used for compiling. + +The currently maintainly repos could be found in [repos folder](./repos). + + +Multi-repos build Actions example: + +``` yaml +on: [pull_request] + +jobs: + build: + runs-on: ubuntu-latest + container: + image: ghcr.io/linuxdeepin/deepin-github:latest + options: --privileged + strategy: + matrix: + repo: [deepin, buster] + steps: + - uses: actions/checkout@v2 + - run: /entrypoint.sh ${{ matrix.repo }} +``` + + +## Why this image required `privileged` + +Because we use [Pbuilder](https://pbuilder-team.pages.debian.net/pbuilder) to build package, Pbuilder need permission to mount something like `/proc` ... diff --git a/README_zh.md b/README_zh.md new file mode 100644 index 0000000..cea17e6 --- /dev/null +++ b/README_zh.md @@ -0,0 +1,57 @@ +# Deepin Pbuilder Docker 镜像 + +[English](README.md) + +## 介绍 + +这是一个编译 Debian 包的 Docker 镜像 + +[![Publish Docker](https://github.com/linuxdeepin/deepin-github/actions/workflows/release-docker.yml/badge.svg)](https://github.com/linuxdeepin/deepin-github/actions/workflows/release-docker.yml) +[![Publish Pbuilder](https://github.com/linuxdeepin/deepin-github/actions/workflows/release-pbuilder.yml/badge.svg)](https://github.com/linuxdeepin/deepin-github/actions/workflows/release-pbuilder.yml) + +## 如何在Github Actions 里使用 + +编辑 `.github/workflows/pr.yml`: + +``` yaml +on: [pull_request] + +jobs: + build: + runs-on: ubuntu-latest + container: + image: ghcr.io/linuxdeepin/deepin-github:latest + options: --privileged + steps: + - uses: actions/checkout@v2 + - run: /entrypoint.sh +``` + +默认使用Deepin 社区仓库编译,可以通过`/entrypoint.sh 仓库名`来指定使用哪个仓库来编译, 当前支持的仓库可以在 [repos 文件夹](./repos) 中看到 + + +多仓库Actions 示例: + +``` yaml +on: [pull_request] + +jobs: + build: + runs-on: ubuntu-latest + container: + image: ghcr.io/linuxdeepin/deepin-github:latest + options: --privileged + strategy: + matrix: + repo: [deepin, buster] + steps: + - uses: actions/checkout@v2 + - run: /entrypoint.sh ${{ matrix.repo }} +``` + + + + +## 为什么这个镜像要求 `privileged` 权限 + +因为我们选择使用 [Pbuilder](https://pbuilder-team.pages.debian.net/pbuilder) 来编包, Pbuilder 需要一些权限来挂载 `/proc` 之类的目录 diff --git a/common/in_pbuilder/etc/apt/apt.conf b/common/in_pbuilder/etc/apt/apt.conf new file mode 100644 index 0000000..1592c1d --- /dev/null +++ b/common/in_pbuilder/etc/apt/apt.conf @@ -0,0 +1,2 @@ +Acquire::http::No-Cache true; +Acquire::http::Pipeline-Depth 0; diff --git a/common/scripts/build-package.sh b/common/scripts/build-package.sh new file mode 100755 index 0000000..0c72de9 --- /dev/null +++ b/common/scripts/build-package.sh @@ -0,0 +1,6 @@ +#!/bin/bash +set -x +BUILD_DIR="/opt/cache/build" +dpkg-source -b ./ +sudo /usr/sbin/pbuilder --update --no-targz --buildplace ${BUILD_DIR} +sudo DEB_BUILD_OPTIONS=nocheck /usr/sbin/pbuilder --build --no-targz --buildplace ${BUILD_DIR} --buildresult /opt/cache/build-result ../*.dsc diff --git a/common/scripts/change-version.sh b/common/scripts/change-version.sh new file mode 100755 index 0000000..078144a --- /dev/null +++ b/common/scripts/change-version.sh @@ -0,0 +1,24 @@ +#!/bin/bash +set -x +short_hash=$(git log -n 1 --pretty=format:'%h') +tag=$(git describe --tags --long | awk -F "-$num-g$short_hash" '{print $1}') || echo +if [ $tag ]; then + version=${tag}+g${short_hash} +else + version=0.0.0+g${short_hash} +fi + +if [[ $(echo $(cat debian/changelog | head -n 1 | awk -F '(' '{print $2}' | awk -F ')' '{print $1}') | grep :) ]]; then + prefix=$(cat debian/changelog | head -n 1 | awk -F '(' '{print $2}' | awk -F ')' '{print $1}' | awk -F ':' '{print $1}') +fi + +if [ ${prefix} ]; then + version=${prefix}:${version} +fi + +if [ -f debian/source/format ] && [[ $(grep quilt debian/source/format) ]]; then + dch -M -bv "${version}-1" -D unstable "hash: ${short_hash}" + git deborig --force HEAD +else + dch -M -bv "${version}" -D unstable "hash: ${short_hash}" +fi diff --git a/common/scripts/prepare-pbuilder.sh b/common/scripts/prepare-pbuilder.sh new file mode 100755 index 0000000..8687540 --- /dev/null +++ b/common/scripts/prepare-pbuilder.sh @@ -0,0 +1,11 @@ +#!/bin/bash +set -x +BUILD_DIR="/opt/cache/build" +sudo mkdir -p ${BUILD_DIR} +wget -q https://github.com/linuxdeepin/deepin-github/releases/latest/download/pbuilder.tgz -O /opt/cache/pbuilder.tgz +sudo mkdir -p ${BUILD_DIR} +sudo tar xf /opt/cache/pbuilder.tgz -C ${BUILD_DIR} +sudo rm -rfv ${BUILD_DIR}/proc +sudo cp /app/common/in_pbuilder/* ${BUILD_DIR}/ -rv +sudo cp /app/repos/${repo}/in_pbuilder/* ${BUILD_DIR}/ -rv +cat ${BUILD_DIR}/etc/apt/sources.list diff --git a/entrypoint.sh b/entrypoint.sh new file mode 100755 index 0000000..9df4f5e --- /dev/null +++ b/entrypoint.sh @@ -0,0 +1,18 @@ +#!/bin/bash +set -x +repos=$(ls -d /app/repos/* | awk -F '/' '{print $NF}') + +for m_repo in $repos; do + case "$m_repo" in + $1) + export repo=$1 + break + ;; + *) + export repo=deepin + ;; + esac +done +/app/common/scripts/prepare-pbuilder.sh +/app/common/scripts/change-version.sh +/app/common/scripts/build-package.sh diff --git a/mkpbuilder/etc/pbuilderrc b/mkpbuilder/etc/pbuilderrc new file mode 100644 index 0000000..272ab77 --- /dev/null +++ b/mkpbuilder/etc/pbuilderrc @@ -0,0 +1,11 @@ +DEBOOTSTRAPOPTS=( + '--variant=minbase' + '--no-check-gpg' + "--include=ca-certificates,wget" + ) +APTCACHE="" +HOOKDIR="/var/cache/pbuilder/hook.d/" +COMPONENTS="main contrib non-free" +APTCACHEHARDLINK=no +AUTOCLEANAPTCACHE=yes +MIRRORSITE=https://deb.debian.org/debian/ diff --git a/mkpbuilder/scripts/build-pbuilder-tgz.sh b/mkpbuilder/scripts/build-pbuilder-tgz.sh new file mode 100755 index 0000000..f29328d --- /dev/null +++ b/mkpbuilder/scripts/build-pbuilder-tgz.sh @@ -0,0 +1,9 @@ +#!/bin/bash +set -x +sudo apt update +sudo apt -y install pbuilder +sudo install -Dvm644 mkpbuilder/etc/pbuilderrc /etc/pbuilderrc +sudo install -Dvm755 mkpbuilder/var/cache/pbuilder/hook.d/D10deepin-keyring /var/cache/pbuilder/hook.d/E10deepin-keyring +cat /etc/pbuilderrc +sudo pbuilder --create --distribution buster --basetgz ./pbuilder.tgz + diff --git a/mkpbuilder/var/cache/pbuilder/hook.d/D10deepin-keyring b/mkpbuilder/var/cache/pbuilder/hook.d/D10deepin-keyring new file mode 100755 index 0000000..6fabf44 --- /dev/null +++ b/mkpbuilder/var/cache/pbuilder/hook.d/D10deepin-keyring @@ -0,0 +1,6 @@ +#!/bin/bash +set -e +keyring_deb=/tmp/deepin-keyring.deb +wget https://community-packages.deepin.com/deepin/pool/main/d/deepin-keyring/deepin-keyring_2021.06.07-1_all.deb -O ${keyring_deb} +apt -y install ${keyring_deb} +rm -v ${keyring_deb} diff --git a/repos/buster/in_pbuilder/etc/apt/sources.list b/repos/buster/in_pbuilder/etc/apt/sources.list new file mode 100644 index 0000000..992318b --- /dev/null +++ b/repos/buster/in_pbuilder/etc/apt/sources.list @@ -0,0 +1 @@ +deb https://deb.debian.org/debian buster main contrib non-free diff --git a/repos/deepin/in_pbuilder/etc/apt/sources.list b/repos/deepin/in_pbuilder/etc/apt/sources.list new file mode 100644 index 0000000..719a6ee --- /dev/null +++ b/repos/deepin/in_pbuilder/etc/apt/sources.list @@ -0,0 +1 @@ +deb https://community-packages.deepin.com/deepin apricot main contrib non-free