mirror of
https://github.com/oxen-io/lokinet
synced 2023-12-14 06:53:00 +01:00
Add tar+upload to builds.lokinet.dev of static build
Relies on an SSH_KEY secret being set in the repository. Also move the linked library check to a bash script because escaping a value in jsonnet (escape once) that gets passed through yaml (escape twice) and then bash (escape again) is too painful.
This commit is contained in:
parent
861f83c9cc
commit
f54beadaa9
|
@ -22,6 +22,7 @@ local debian_pipeline(name, image,
|
|||
name: 'build',
|
||||
image: image,
|
||||
[if allow_fail then "failure"]: "ignore",
|
||||
environment: { SSH_KEY: { from_secret: "SSH_KEY" } },
|
||||
commands: [
|
||||
'echo "man-db man-db/auto-update boolean false" | debconf-set-selections',
|
||||
'apt-get update',
|
||||
|
@ -69,13 +70,6 @@ local debian_pipeline(name, image,
|
|||
debian_pipeline("Ubuntu focal (amd64)", "ubuntu:focal"),
|
||||
debian_pipeline("Ubuntu bionic (amd64)", "ubuntu:bionic", deps='g++-8 ' + default_deps_base,
|
||||
cmake_extra='-DCMAKE_C_COMPILER=gcc-8 -DCMAKE_CXX_COMPILER=g++-8 -DDOWNLOAD_SODIUM=ON'),
|
||||
debian_pipeline("Ubuntu bionic/static (amd64)", "ubuntu:bionic", deps='g++-8 python3-dev',
|
||||
cmake_extra='-DBUILD_SHARED_LIBS=OFF -DSTATIC_LINK=ON -DCMAKE_C_COMPILER=gcc-8 -DCMAKE_CXX_COMPILER=g++-8 ' +
|
||||
'-DDOWNLOAD_SODIUM=ON -DDOWNLOAD_CURL=ON -DDOWNLOAD_UV=ON -DWITH_SYSTEMD=OFF',
|
||||
extra_cmds=['if ldd daemon/lokinet | grep -Ev "(linux-vdso|ld-linux-x86-64|lib(pthread|dl|rt|stdc\\\\+\\\\+|gcc_s|c|m))\\\\.so"; ' +
|
||||
'then /bin/echo -e "\\\\e[31;1mlokinet links to unexpected libraries\\\\e[0m"; false; ' +
|
||||
'else /bin/echo -e "\\\\e[32;1mNo unexpected linked libraries found\\\\e[0m"; ' +
|
||||
'fi']),
|
||||
|
||||
// ARM builds (ARM64 and armhf)
|
||||
debian_pipeline("Ubuntu bionic (ARM64)", "ubuntu:bionic", arch="arm64", deps='g++-8 ' + default_deps_base,
|
||||
|
@ -83,6 +77,15 @@ local debian_pipeline(name, image,
|
|||
debian_pipeline("Debian sid (ARM64)", "debian:sid", arch="arm64"),
|
||||
debian_pipeline("Debian buster (armhf)", "arm32v7/debian:buster", arch="arm64", cmake_extra='-DDOWNLOAD_SODIUM=ON'),
|
||||
|
||||
// Static build (on bionic) which gets uploaded to builds.lokinet.dev:
|
||||
debian_pipeline("Static (focal amd64)", "ubuntu:bionic", deps='g++-8 python3-dev', lto=true,
|
||||
cmake_extra='-DBUILD_SHARED_LIBS=OFF -DSTATIC_LINK=ON -DCMAKE_C_COMPILER=gcc-8 -DCMAKE_CXX_COMPILER=g++-8 ' +
|
||||
'-DDOWNLOAD_SODIUM=ON -DDOWNLOAD_CURL=ON -DDOWNLOAD_UV=ON -DWITH_SYSTEMD=OFF',
|
||||
extra_cmds=[
|
||||
'../contrib/ci/drone-check-static-libs.sh',
|
||||
'../contrib/ci/drone-static-upload.sh'
|
||||
]),
|
||||
|
||||
// Macos build
|
||||
{
|
||||
kind: 'pipeline',
|
||||
|
|
13
contrib/ci/drone-check-static-libs.sh
Executable file
13
contrib/ci/drone-check-static-libs.sh
Executable file
|
@ -0,0 +1,13 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Script used with Drone CI to check that a statically build lokinet only links against the expected
|
||||
# base system libraries. Expects to be run with pwd of the build directory.
|
||||
|
||||
set -o errexit
|
||||
|
||||
if ldd daemon/lokinet | grep -Ev '(linux-vdso|ld-linux-x86-64|lib(pthread|dl|rt|stdc\+\+|gcc_s|c|m))\.so'; then
|
||||
echo -e "\n\n\n\n\e[31;1mlokinet links to unexpected libraries\e[0m\n\n\n"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo -e "\n\n\n\n\e[32;1mNo unexpected linked libraries found\e[0m\n\n\n"
|
58
contrib/ci/drone-static-upload.sh
Executable file
58
contrib/ci/drone-static-upload.sh
Executable file
|
@ -0,0 +1,58 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Script used with Drone CI to upload build artifacts (because specifying all this in
|
||||
# .drone.jsonnet is too painful).
|
||||
|
||||
|
||||
|
||||
set -o errexit
|
||||
|
||||
if [ -z "$SSH_KEY" ]; then
|
||||
echo -e "\n\n\n\e[31;1mUnable to upload artifact: SSH_KEY not set\e[0m"
|
||||
# Just warn but don't fail, so that this doesn't trigger a build failure for untrusted builds
|
||||
exit 0
|
||||
fi
|
||||
|
||||
echo "$SSH_KEY" >~/ssh_key
|
||||
|
||||
set -o xtrace # Don't start tracing until *after* we write the ssh key
|
||||
|
||||
chmod 600 ~/ssh_key
|
||||
|
||||
if [ -n "$DRONE_TAG" ]; then
|
||||
# For a tag build use something like `lokinet-linux-amd64-v1.2.3`
|
||||
base="lokinet-linux-$DRONE_STAGE_ARCH-$DRONE_TAG"
|
||||
else
|
||||
# Otherwise build a length name from the datetime and commit hash, such as:
|
||||
# lokinet-linux-amd64-20200522T212342Z-04d7dcc54
|
||||
base="lokinet-linux-$DRONE_STAGE_ARCH-$(date --date=@$DRONE_BUILD_CREATED +%Y%m%dT%H%M%SZ)-${DRONE_COMMIT:0:9}"
|
||||
fi
|
||||
|
||||
mkdir -v "$base"
|
||||
mv -v daemon/lokinet "$base"
|
||||
cp -av ../lokinet-bootstrap "$base"
|
||||
tar cJvf "${base}.tar.xz" "$base"
|
||||
|
||||
upload_to="builds.lokinet.dev/${DRONE_REPO// /_}/${DRONE_BRANCH// /_}"
|
||||
|
||||
# sftp doesn't have any equivalent to mkdir -p, so we have to split the above up into a chain of
|
||||
# -mkdir a/, -mkdir a/b/, -mkdir a/b/c/, ... commands. The leading `-` allows the command to fail
|
||||
# without error.
|
||||
upload_dirs=(${upload_to//\// })
|
||||
mkdirs=
|
||||
dir_tmp=""
|
||||
for p in "${upload_dirs[@]}"; do
|
||||
dir_tmp="$dir_tmp$p/"
|
||||
mkdirs="$mkdirs
|
||||
-mkdir $dir_tmp"
|
||||
done
|
||||
|
||||
sftp -i ~/ssh_key -b - -o StrictHostKeyChecking=off drone@builds.lokinet.dev <<SFTP
|
||||
$mkdirs
|
||||
put $base.tar.xz $upload_to
|
||||
SFTP
|
||||
|
||||
set +o xtrace
|
||||
|
||||
echo -e "\n\n\n\n\e[32;1mUploaded to https://${upload_to}/${base}.tar.xz\e[0m\n\n\n"
|
||||
|
Loading…
Reference in a new issue