Skip to content

build-git-installers: target an older Ubuntu version #719

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 5 commits into from
Jan 21, 2025
Merged

build-git-installers: target an older Ubuntu version #719

Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
56a8f71
fixup! release: create initial Windows installer build workflow
dscho Jan 20, 2025
a8adc02
fixup! release: build unsigned Ubuntu .deb package
dscho Jan 17, 2025
32d4e95
fixup! release: build unsigned Ubuntu .deb package
dscho Jan 20, 2025
c4514dc
fixup! release: build unsigned Ubuntu .deb package
dscho Jan 20, 2025
ed8287b
fixup! release: build unsigned Ubuntu .deb package
dscho Jan 20, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
56 changes: 41 additions & 15 deletions .github/workflows/build-git-installers.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,6 @@ jobs:
# Check prerequisites for the workflow
prereqs:
runs-on: ubuntu-latest
environment: release
outputs:
tag_name: ${{ steps.tag.outputs.name }} # The full name of the tag, e.g. v2.32.0.vfs.0.0
tag_version: ${{ steps.tag.outputs.version }} # The version number (without preceding "v"), e.g. 2.32.0.vfs.0.0
Expand Down Expand Up @@ -491,16 +490,30 @@ jobs:
# End build and sign Mac OSX installers

# Build and sign Debian package
create-linux-artifacts:
create-linux-unsigned-artifacts:
runs-on: ubuntu-latest
container:
image: ubuntu:16.04 # expanded security maintenance until 04/02/2026, according to https://endoflife.date/ubuntu
volumes:
# override /__e/node20 because GitHub Actions uses a version that requires too-recent glibc, see "Install dependencies" below
- /tmp:/__e/node20
needs: prereqs
environment: release
steps:
- name: Install git dependencies
- name: Install dependencies
run: |
set -ex
sudo apt-get update -q
sudo apt-get install -y -q --no-install-recommends gettext libcurl4-gnutls-dev libpcre3-dev asciidoc xmlto
apt-get update -q
apt-get install -y -q --no-install-recommends \
build-essential \
tcl tk gettext asciidoc xmlto \
libcurl4-gnutls-dev libpcre2-dev zlib1g-dev libexpat-dev \
curl ca-certificates

# Install a Node.js version that works in older Ubuntu containers (read: does not require very recent glibc)
NODE_VERSION=v20.18.1 &&
NODE_URL=https://unofficial-builds.nodejs.org/download/release/$NODE_VERSION/node-$NODE_VERSION-linux-x64-glibc-217.tar.gz &&
curl -Lo /tmp/node.tar.gz $NODE_URL &&
tar -C /__e/node20 -x --strip-components=1 -f /tmp/node.tar.gz

- name: Clone git
uses: actions/checkout@v4
Expand Down Expand Up @@ -534,6 +547,7 @@ jobs:

DESTDIR="$PKGDIR" make -C git -j5 V=1 DEVELOPER=1 \
USE_LIBPCRE=1 \
USE_CURL_FOR_IMAP_SEND=1 NO_OPENSSL=1 \
NO_CROSS_DIRECTORY_HARDLINKS=1 \
ASCIIDOC8=1 ASCIIDOC_NO_ROFF=1 \
ASCIIDOC='TZ=UTC asciidoc' \
Expand Down Expand Up @@ -563,6 +577,18 @@ jobs:
# Move Debian package for later artifact upload
mv "$PKGNAME.deb" "$GITHUB_WORKSPACE"

- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: linux-unsigned-artifacts
path: |
*.deb

create-linux-artifacts:
runs-on: ubuntu-latest
needs: [prereqs, create-linux-unsigned-artifacts]
environment: release
steps:
- name: Log into Azure
uses: azure/login@v2
with:
Expand All @@ -578,17 +604,12 @@ jobs:
GPG_KEYGRIP_SECRET_NAME: ${{ secrets.GPG_KEYGRIP_SECRET_NAME }}
run: |
# Install debsigs
sudo apt install debsigs
sudo apt-get install -y debsigs

# Download GPG key, passphrase, and keygrip from Azure Key Vault
key=$(az keyvault secret show --name $GPG_KEY_SECRET_NAME --vault-name $AZURE_VAULT --query "value")
passphrase=$(az keyvault secret show --name $GPG_PASSPHRASE_SECRET_NAME --vault-name $AZURE_VAULT --query "value")
keygrip=$(az keyvault secret show --name $GPG_KEYGRIP_SECRET_NAME --vault-name $AZURE_VAULT --query "value")

# Remove quotes from downloaded values
key=$(sed -e 's/^"//' -e 's/"$//' <<<"$key")
passphrase=$(sed -e 's/^"//' -e 's/"$//' <<<"$passphrase")
keygrip=$(sed -e 's/^"//' -e 's/"$//' <<<"$keygrip")
key="$(az keyvault secret show --name "$GPG_KEY_SECRET_NAME" --vault-name "$AZURE_VAULT" --query "value" --output tsv)"
passphrase="$(az keyvault secret show --name "$GPG_PASSPHRASE_SECRET_NAME" --vault-name "$AZURE_VAULT" --query "value" --output tsv)"
keygrip="$(az keyvault secret show --name "$GPG_KEYGRIP_SECRET_NAME" --vault-name "$AZURE_VAULT" --query "value" --output tsv)"

# Import GPG key
echo "$key" | base64 -d | gpg --import --no-tty --batch --yes
Expand All @@ -598,6 +619,11 @@ jobs:
gpg-connect-agent RELOADAGENT /bye
/usr/lib/gnupg2/gpg-preset-passphrase --preset "$keygrip" <<<"$passphrase"

- name: Download artifacts
uses: actions/download-artifact@v4
with:
name: linux-unsigned-artifacts

- name: Sign Debian package
run: |
# Sign Debian package
Expand Down
Loading