Build and Publish to APT #14
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and Publish to APT | |
on: | |
release: | |
types: [published] | |
workflow_dispatch: | |
inputs: | |
tag_name: | |
description: "Release tag name for testing (e.g., 2.1.2)" | |
required: true | |
default: "" | |
build_dists: | |
description: "Distributions to build for (comma-separated, e.g., focal,jammy, noble)" | |
required: false | |
default: "focal,jammy,noble" | |
smoke_test_images: | |
description: "Docker images for smoke testing (comma-separated, e.g., ubuntu:20.04,ubuntu:22.04,ubuntu:24.04)" | |
required: false | |
default: "ubuntu:20.04,ubuntu:22.04,ubuntu:24.04" | |
jobs: | |
build-source-package: | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
dist: ${{ fromJSON(vars.BUILD_DISTS) }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
path: sources | |
- name: Install dependencies | |
run: | | |
sudo apt-get update && \ | |
sudo apt-get install \ | |
debhelper dput libevent-dev libpcre2-dev libssl-dev pkg-config | |
- name: Create changelog | |
env: | |
VERSION: ${{ github.event.inputs.tag_name || github.event.release.tag_name }} | |
DIST: ${{ matrix.dist }} | |
run: | | |
mkdir -p sources/debian | |
if [ "${{ github.event_name }}" = "release" ]; then | |
RELEASE_URL=": ${{ github.event.release.html_url }}" | |
else | |
RELEASE_URL="" | |
fi | |
(echo "memtier-benchmark ($VERSION~$DIST) $DIST; urgency=medium" | |
echo "" | |
echo " * Release $VERSION$RELEASE_URL" | |
echo "" | |
echo " -- Redis Team <[email protected]> $(date -R)") > sources/debian/changelog | |
- name: Build source package | |
run: | | |
cd sources && dpkg-buildpackage -S | |
- name: Upload source package artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: source-${{ matrix.dist }} | |
path: | | |
*.debian.tar.* | |
*.dsc | |
memtier-benchmark_*.tar.* | |
build-binary-package: | |
runs-on: ubuntu-latest | |
environment: build | |
strategy: | |
matrix: | |
dist: ${{ fromJSON(vars.BUILD_DISTS) }} | |
arch: ${{ fromJSON(vars.BUILD_ARCHS) }} | |
exclude: ${{ fromJSON(vars.BUILD_EXCLUDE) }} | |
needs: build-source-package | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Determine build architecture | |
run: | | |
if [ ${{ matrix.arch }} = "i386" ]; then | |
BUILD_ARCH=i386 | |
else | |
BUILD_ARCH=amd64 | |
fi | |
echo "BUILD_ARCH=${BUILD_ARCH}" >> $GITHUB_ENV | |
- name: Setup APT Signing key | |
run: | | |
mkdir -m 0700 -p ~/.gnupg | |
echo "$APT_SIGNING_KEY" | gpg --import | |
env: | |
APT_SIGNING_KEY: ${{ secrets.APT_SIGNING_KEY }} | |
- name: Install dependencies | |
run: | | |
sudo apt-get update && \ | |
sudo apt-get install \ | |
sbuild debhelper | |
sudo sbuild-adduser $USER | |
- name: Prepare sbuild environment | |
run: sudo ./debian/setup_sbuild.sh ${{ matrix.dist }} ${{ env.BUILD_ARCH }} | |
- name: Get source package | |
uses: actions/download-artifact@v4 | |
with: | |
name: source-${{ matrix.dist }} | |
- name: Build binary package | |
run: | | |
sudo sbuild \ | |
--nolog \ | |
--host ${{ matrix.arch }} \ | |
--build ${{ env.BUILD_ARCH }} \ | |
--dist ${{ matrix.dist }} *.dsc | |
- name: Upload binary package artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: binary-${{ matrix.dist }}-${{ matrix.arch }} | |
path: | | |
*.deb | |
- name: Upload as release assets | |
# we don't upload on workflow dispatch | |
if: github.event_name == 'release' | |
uses: softprops/action-gh-release@v1 | |
with: | |
files: | | |
*.deb | |
smoke-test-packages: | |
runs-on: ubuntu-latest | |
needs: build-binary-package | |
env: | |
ARCH: amd64 | |
# required by ubuntu:bionic | |
# https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/ | |
ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true | |
strategy: | |
matrix: | |
image: ${{ fromJSON(vars.SMOKE_TEST_IMAGES) }} | |
container: ${{ matrix.image }} | |
steps: | |
- name: Extract BUILD_ARCH from matrix.image | |
run: | | |
BUILD_ARCH=$(echo ${{ matrix.image }} | cut -d: -f2) | |
if [ -z "$BUILD_ARCH" ]; then | |
echo "Error: Failed to extract BUILD_ARCH from matrix.image" >&2 | |
exit 1 | |
fi | |
echo "BUILD_ARCH=$BUILD_ARCH" >> $GITHUB_ENV | |
- name: Get binary packages for ubuntu:bionic | |
if: matrix.image == 'ubuntu:bionic' | |
uses: actions/download-artifact@v3 | |
with: | |
name: binary-${{ env.BUILD_ARCH }}-${{ env.ARCH }} | |
path: binary-${{ env.BUILD_ARCH }}-${{ env.ARCH }} | |
- name: Get binary packages for other versions | |
if: matrix.image != 'ubuntu:bionic' | |
uses: actions/download-artifact@v4 | |
with: | |
name: binary-${{ env.BUILD_ARCH }}-${{ env.ARCH }} | |
path: binary-${{ env.BUILD_ARCH }}-${{ env.ARCH }} | |
- name: Install packages | |
run: | | |
apt-get update | |
cd binary-${{ env.BUILD_ARCH }}-${{ env.ARCH }} && apt install --yes ./*.deb | |
publish-to-apt: | |
env: | |
DEB_S3_VERSION: "0.11.3" | |
runs-on: ubuntu-latest | |
environment: build | |
needs: smoke-test-packages | |
steps: | |
- name: Setup APT Signing key | |
run: | | |
mkdir -m 0700 -p ~/.gnupg | |
echo "$APT_SIGNING_KEY" | gpg --import | |
env: | |
APT_SIGNING_KEY: ${{ secrets.APT_SIGNING_KEY }} | |
- name: Get binary packages | |
uses: actions/download-artifact@v4 | |
- name: Setup ruby | |
uses: ruby/setup-ruby@v1 | |
with: | |
ruby-version: "2.7" | |
- name: Install deb-s3 | |
run: | | |
curl -sLO https://github.com/deb-s3/deb-s3/releases/download/${{ env.DEB_S3_VERSION }}/deb-s3-${{ env.DEB_S3_VERSION }}.gem | |
gem install deb-s3-${{ env.DEB_S3_VERSION }}.gem | |
- name: Quick hack to deal with duplicate _all packages | |
run: | | |
# Quick hack to deal with duplicate _all packages | |
rm -f binary-*-i386/*_all.deb | |
- name: List all packages to be uploaded | |
run: | | |
for dir in binary-*; do \ | |
dist=$(echo $dir | cut -d- -f 2) ; \ | |
ls -lha $dir/*.deb ; \ | |
done | |
- name: Upload packages | |
# We stop here on the workflow dispatch smoke tests and on the preleases | |
if: github.event_name == 'release' && github.event.release.prerelease == false | |
run: | | |
for dir in binary-*; do \ | |
dist=$(echo $dir | cut -d- -f 2) ; \ | |
deb-s3 upload \ | |
--bucket ${{ secrets.APT_S3_BUCKET }} \ | |
--s3-region ${{ secrets.APT_S3_REGION }} \ | |
--codename $dist \ | |
--preserve-versions \ | |
--fail-if-exists \ | |
--sign \ | |
--prefix deb \ | |
$dir/*.deb ; \ | |
done | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.APT_S3_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.APT_S3_SECRET_ACCESS_KEY }} |