263 lines
9.7 KiB
YAML
263 lines
9.7 KiB
YAML
image: registry.gitlab.com/fdroid/ci-images-server:latest
|
|
|
|
lint:
|
|
except:
|
|
refs:
|
|
- triggers
|
|
- schedules
|
|
- pipelines
|
|
before_script:
|
|
- printf "Package\x3a androguard fdroidserver python3-asn1crypto python3-ruamel.yaml\nPin\x3a release a=stretch-backports\nPin-Priority\x3a 500\n" > /etc/apt/preferences.d/debian-stretch-backports.pref
|
|
- echo "deb http://deb.debian.org/debian/ stretch-backports main" > /etc/apt/sources.list.d/backports.list
|
|
- apt-get update
|
|
- apt-get -qy dist-upgrade
|
|
|
|
- rm -rf fdroidserver
|
|
- mkdir fdroidserver
|
|
- git ls-remote https://gitlab.com/fdroid/fdroidserver.git master
|
|
- curl --silent https://gitlab.com/fdroid/fdroidserver/repository/master/archive.tar.gz
|
|
| tar -xz --directory=fdroidserver --strip-components=1
|
|
- export PATH="$PWD/fdroidserver:$PATH"
|
|
- touch config.py
|
|
script:
|
|
# if this is a merge request fork, then only check relevant apps
|
|
- if [ "$CI_PROJECT_NAMESPACE" != "fdroid" ]; then
|
|
git fetch https://gitlab.com/fdroid/fdroiddata;
|
|
test -d build || mkdir build;
|
|
files=`git diff --name-only --diff-filter=d FETCH_HEAD...HEAD`;
|
|
for f in $files; do
|
|
appid=`echo $f | sed -n -e 's,^metadata/\([^/][^/]*\)\.yml,\1,p'`;
|
|
if [ -n "$appid" ]; then
|
|
export CHANGED="$CHANGED $appid";
|
|
testcmd="git -C build clone `sed -En 's,^Repo\W +(https?://),\1u:p@,p' $f`";
|
|
fi;
|
|
done;
|
|
set -x;
|
|
apt-get install python3-colorama;
|
|
./tools/check-git-repo-availability.py $files;
|
|
./tools/audit-gradle.py $CHANGED;
|
|
set +x;
|
|
fi
|
|
- export EXITVALUE=0
|
|
- fdroid lint -f $CHANGED || {
|
|
export EXITVALUE=1;
|
|
printf "\nThese files have lint issues:\n";
|
|
fdroid rewritemeta -l $CHANGED;
|
|
printf "\nThese are the formatting issues:\n";
|
|
fdroid rewritemeta $CHANGED;
|
|
git --no-pager diff --color=always;
|
|
}
|
|
- apt-get -qy update
|
|
- apt-get -qy install --no-install-recommends exiftool
|
|
- find metadata/ -name '*.jp*g' -o -name '*.png' | xargs exiftool -all=
|
|
- echo "these images have EXIF that must be stripped:"
|
|
- git --no-pager diff --stat
|
|
- git --no-pager diff --name-only --exit-code || export EXITVALUE=1
|
|
- ./tools/check-localized-metadata.py || export EXITVALUE=1
|
|
- ./tools/check-keyalias-collision.py || export EXITVALUE=1
|
|
- ./tools/check-metadata-summary-whitespace.py || export EXITVALUE=1
|
|
- exit $EXITVALUE
|
|
|
|
trigger-issuebot:
|
|
image: alpine
|
|
only:
|
|
- branches
|
|
except:
|
|
- master@fdroid/fdroiddata
|
|
variables:
|
|
GIT_DEPTH: "1"
|
|
script:
|
|
- apk add --no-cache bash curl
|
|
- ./tools/trigger-issuebot
|
|
|
|
checkupdates_trigger:
|
|
only:
|
|
refs:
|
|
- schedules
|
|
variables:
|
|
- $CHECKUPDATES == "true"
|
|
image: debian:buster-slim
|
|
before_script:
|
|
- apt-get update
|
|
- apt-get install -qy --no-install-recommends parallel curl ca-certificates
|
|
script:
|
|
- files=( metadata/*.yml )
|
|
- files=( ${files[@]#metadata/} )
|
|
- files=( ${files[@]%.yml} )
|
|
- parallel --verbose --delay 90 -N 340 'curl -X POST -F "token=$CI_JOB_TOKEN" -F "ref=master" -F "variables[CHECKUPDATES]=true" -F "variables[CHECKUPDATES_APPIDS]= {} " https://gitlab.com/api/v4/projects/${CI_PROJECT_ID}/trigger/pipeline' ":::" ${files[@]}
|
|
|
|
checkupdates_runner:
|
|
image: registry.gitlab.com/fdroid/ci-images-checkupdates:latest
|
|
tags:
|
|
- checkupdates-runner
|
|
only:
|
|
refs:
|
|
- pipelines
|
|
variables:
|
|
- $CHECKUPDATES == "true"
|
|
before_script:
|
|
- rm -rf fdroidserver
|
|
- mkdir fdroidserver
|
|
- git ls-remote https://gitlab.com/fdroid/fdroidserver.git master
|
|
- curl --silent https://gitlab.com/fdroid/fdroidserver/repository/master/archive.tar.gz
|
|
| tar -xz --directory=fdroidserver --strip-components=1
|
|
- export PATH="$PWD/fdroidserver:$PATH"
|
|
- touch config.py
|
|
- git config --global user.email "fdroidci@bubu1.eu"
|
|
- git config --global user.name "F-Droid checkupdates bot"
|
|
- mkdir -p ~/.ssh
|
|
- chmod 700 ~/.ssh
|
|
- cp "${GITLAB_KNOWN_HOSTS}" ~/.ssh/known_hosts
|
|
- chmod 644 ~/.ssh/known_hosts
|
|
- eval $(ssh-agent -s)
|
|
- echo "${CHECKUPDATES_SSH_DEPLOY_KEY}" | tr -d '\r' | ssh-add -
|
|
- url_host=$(echo "${CI_REPOSITORY_URL}" | sed -e 's|https\?://gitlab-ci-token:.*@|ssh://git@|g')
|
|
- git remote set-url --push origin "${url_host}"
|
|
script:
|
|
- fdroid checkupdates --allow-dirty --auto --commit ${CHECKUPDATES_APPIDS}
|
|
- git pull --rebase origin master
|
|
# when two jobs try to push at the same time they occasionally fail, so try one more time if it fails
|
|
- git push origin HEAD:master || (git pull --rebase origin master && git push origin HEAD:master)
|
|
|
|
fdroid build:
|
|
image: registry.gitlab.com/fdroid/ci-images-client:latest
|
|
allow_failure: true
|
|
artifacts:
|
|
name: "${CI_PROJECT_PATH}_${CI_JOB_STAGE}_${CI_COMMIT_REF_NAME}_${CI_COMMIT_SHA}"
|
|
paths:
|
|
- unsigned/
|
|
when: always
|
|
expire_in: 1 month
|
|
only:
|
|
- branches
|
|
except:
|
|
- master@fdroid/fdroiddata
|
|
cache:
|
|
key: "$CI_JOB_NAME"
|
|
paths:
|
|
- .gradle
|
|
script:
|
|
- git fetch https://gitlab.com/fdroid/fdroiddata.git;
|
|
- test -d build || mkdir build
|
|
- for f in `git diff --name-only --diff-filter=d FETCH_HEAD...HEAD -- metadata/*.yml`; do
|
|
git diff FETCH_HEAD...HEAD -- $f |grep -E '^\+ *(NoSourceSince|Disabled|disable):' && continue;
|
|
appid=`echo $f | sed -n -e 's,^metadata/\([^/][^/]*\)\.yml,\1,p'`;
|
|
export CHANGED="$CHANGED $appid";
|
|
done;
|
|
- test -n "$(printf "$CHANGED" | tr -d '[:space:]')"
|
|
|| { echo "no packages need processing, exiting"; exit 0; }
|
|
|
|
- test -d fdroidserver || mkdir fdroidserver
|
|
- git ls-remote https://gitlab.com/fdroid/fdroidserver.git master
|
|
- curl --silent https://gitlab.com/fdroid/fdroidserver/repository/master/archive.tar.gz
|
|
| tar -xz --directory=fdroidserver --strip-components=1
|
|
- export PATH="`pwd`/fdroidserver:$PATH"
|
|
- export PYTHONPATH="`pwd`/fdroidserver:$CI_PROJECT_DIR/tools"
|
|
- export PYTHONUNBUFFERED=true
|
|
|
|
- bash fdroidserver/buildserver/provision-apt-get-install http://deb.debian.org/debian
|
|
- apt-get dist-upgrade
|
|
|
|
# install fdroidserver from git, with deps from Debian, until fdroidserver
|
|
# is stable enough to include all the things needed here
|
|
- apt-get install -t stretch-backports
|
|
fdroidserver
|
|
python3-asn1crypto
|
|
python3-ruamel.yaml
|
|
yamllint
|
|
- apt-get purge fdroidserver
|
|
|
|
- export GRADLE_USER_HOME=$PWD/.gradle
|
|
# each `fdroid build --on-server` run expects sudo, then uninstalls it
|
|
- for build in `./tools/find-changed-builds.py`; do
|
|
set -x;
|
|
apt-get install sudo;
|
|
fdroid fetchsrclibs $build --verbose;
|
|
fdroid build --verbose --on-server --no-tarball $build;
|
|
done
|
|
|
|
|
|
# issuebot needs secrets to run, so it has to run under the 'fdroid'
|
|
# group, therefore needs the trigger without secrets, there would be
|
|
# no support for virustotal, github downloads, exodus privacy checks,
|
|
# etc. That means it has to be triggered from the lint: job, which
|
|
# runs in the fork's CI.
|
|
#
|
|
# This job has to be called 'pages' because it deploys the JSON API
|
|
# to GitLab Pages.
|
|
pages:
|
|
image: registry.gitlab.com/fdroid/ci-images-client:latest
|
|
only:
|
|
- triggers
|
|
- web
|
|
artifacts:
|
|
paths:
|
|
- metadata/
|
|
- public/
|
|
- repo/index-v1.json
|
|
- repo/index.xml
|
|
- tmp/apkcache.json
|
|
when: always
|
|
# needs lots of git history since it has to compare the merge request to current master
|
|
variables:
|
|
GIT_DEPTH: "5000"
|
|
script:
|
|
- apt-get update
|
|
- apt-get dist-upgrade
|
|
# install fdroidserver from git, with deps from Debian, until fdroidserver
|
|
# is stable enough to include all the things needed here
|
|
- apt-get install -t stretch-backports
|
|
fdroidserver
|
|
python3-asn1crypto
|
|
python3-ruamel.yaml
|
|
python3-venv
|
|
- apt-get purge fdroidserver
|
|
- test -d fdroidserver || mkdir fdroidserver
|
|
- git ls-remote https://gitlab.com/fdroid/fdroidserver.git master
|
|
- curl --silent https://gitlab.com/fdroid/fdroidserver/repository/master/archive.tar.gz
|
|
| tar -xz --directory=fdroidserver --strip-components=1
|
|
- export PATH="`pwd`/fdroidserver:$PATH"
|
|
- export PYTHONPATH="`pwd`/fdroidserver"
|
|
- export PYTHONUNBUFFERED=true
|
|
|
|
- export GRADLE_USER_HOME=$PWD/.gradle
|
|
- rm -rf $GRADLE_USER_HOME/fdroid
|
|
- mkdir -p $GRADLE_USER_HOME/fdroid
|
|
- git ls-remote https://gitlab.com/fdroid/gradle-plugins.git master
|
|
- curl --silent https://gitlab.com/fdroid/gradle-plugins/repository/master/archive.tar.gz
|
|
| tar -xz --directory=$GRADLE_USER_HOME/fdroid --strip-components=1
|
|
|
|
- git ls-remote https://gitlab.com/fdroid/issuebot.git master
|
|
- curl --silent https://gitlab.com/fdroid/issuebot/repository/master/archive.tar.gz
|
|
| tar -xz --strip-components=1
|
|
- pyvenv --system-site-packages --clear issuebot-env
|
|
- . issuebot-env/bin/activate
|
|
- pip3 install python-gitlab wheel pygithub
|
|
- ./issuebot.py
|
|
|
|
# git_stats used to run here, redirect to new location
|
|
- echo '<html><head><meta http-equiv="refresh" content="0;URL=https://fdroid.gitlab.io/"></head></html>'
|
|
> public/index.html
|
|
|
|
|
|
check_git_repos:
|
|
image: debian:buster-slim
|
|
stage: test
|
|
only:
|
|
refs:
|
|
- schedules
|
|
variables:
|
|
- $CHECK_GIT_REPO == "true"
|
|
artifacts:
|
|
when: on_failure
|
|
expire_in: 1 month
|
|
paths:
|
|
- public
|
|
script:
|
|
- apt-get update
|
|
- apt-get -qy install --no-install-recommends ca-certificates git python3-colorama python3-yaml
|
|
- tools/check-git-repo-availability.py || export EXITVALUE=1
|
|
- test -d public || mkdir public
|
|
- cp `git status | grep -Eo 'metadata/.*\.yml'` public/ || true
|
|
- exit $EXITVALUE
|