From b040cd0e791c2833de255f6c4f7370dc07155453 Mon Sep 17 00:00:00 2001 From: Pietro Abate Date: Wed, 5 Jun 2024 16:48:04 +0200 Subject: [PATCH 1/8] CIAO: check if rules <> [] --- ci/bin/tezos_ci.ml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ci/bin/tezos_ci.ml b/ci/bin/tezos_ci.ml index 7d1fadd822b3..7c802be4b715 100644 --- a/ci/bin/tezos_ci.ml +++ b/ci/bin/tezos_ci.ml @@ -602,6 +602,8 @@ let job ?arch ?after_script ?allow_failure ?artifacts ?before_script ?cache '%s'." name in + if rules == Some [] then + failwith "The job '%s' cannot have empty [rules]." name ; let arch = if Option.is_some arch then arch else arch_of_tag tag in (match (image, arch) with | Internal {image = Image image_path; _}, None -> -- GitLab From 15e75e226c24244a6c7a6a7e002de66f69e68613 Mon Sep 17 00:00:00 2001 From: Pietro Abate Date: Wed, 5 Jun 2024 17:32:46 +0200 Subject: [PATCH 2/8] scripts: embed gpg testing key in scripts/ci/create_debian_repo.sh --- scripts/ci/create_debian_repo.sh | 26 ++++--- scripts/packaging/test_repo_private.key | 92 +++++++++++++++++++++++++ 2 files changed, 110 insertions(+), 8 deletions(-) create mode 100644 scripts/packaging/test_repo_private.key diff --git a/scripts/ci/create_debian_repo.sh b/scripts/ci/create_debian_repo.sh index 58a2cb240542..1d47508517f0 100755 --- a/scripts/ci/create_debian_repo.sh +++ b/scripts/ci/create_debian_repo.sh @@ -3,7 +3,8 @@ set -eu # Create the APT repository for debian packages and sign it using -# the private key available as ENV variable. +# the private key available as ENV variable for production repository +# and using the file test_repo_private.key for test repositories. # uses : # - scripts/packaging/Release.conf for release metadata @@ -13,6 +14,8 @@ set -eu # - ARCHITECTURES # - GPG_PASSPHRASE # - GPG_KEY_ID +# - GPG_PRIVATE_KEY +# - GCP_LINUX_PACKAGES_BUCKET if [ $# -lt 2 ]; then cat << EOF @@ -29,9 +32,6 @@ EOF exit 1 fi -# shellcheck source=./scripts/ci/octez-release.sh -. ./scripts/ci/octez-release.sh - ARCHITECTURES=${ARCHITECTURES:-"amd64"} # The linux distribution for which we are creating the apt repository @@ -43,15 +43,19 @@ shift # E.g. 'jammy focal', 'bookworm' RELEASES=$* -# make available the private key for signing the release file -echo "$GPG_PRIVATE_KEY" | base64 --decode | gpg --batch --import -- - BUCKET="$GCP_LINUX_PACKAGES_BUCKET" oldPWD=$PWD +# check if it's a real or a test release or we are testing +# the packages in a branch +if [ -n "${CI_COMMIT_TAG:-}" ]; then + # shellcheck source=./scripts/ci/octez-release.sh + . ./scripts/ci/octez-release.sh +fi + # if it's a release tag, then it can be a RC release or a final release -if [ -n "${gitlab_release_no_v}" ]; then +if [ -n "${gitlab_release_no_v:-}" ]; then # It a release tag, this can be either a real or test release if [ -n "${gitlab_release_rc_version}" ]; then # Release candidate @@ -62,6 +66,10 @@ if [ -n "${gitlab_release_no_v}" ]; then fi else # Not a release tag. This is strictly for testing + # We embed these keys here for testing only. + GPG_KEY_ID="CFC482F3CD08D36D" + GPG_PASSPHRASE="07cde771b39a4ed394864baa46126b" + GPG_PRIVATE_KEY=$(cat ./scripts/packaging/test_repo_private.key) if [ ! "$CI_COMMIT_REF_PROTECTED" = "true" ]; then if [ "$CI_COMMIT_REF_NAME" = "RC" ]; then echo "Cannot create a repository for a branch named 'RC'" @@ -80,6 +88,8 @@ else fi fi +echo "$GPG_PRIVATE_KEY" | base64 --decode | gpg --batch --import -- + mkdir -p "$TARGETDIR/dists" for architecture in $ARCHITECTURES; do # amd64, arm64 ... diff --git a/scripts/packaging/test_repo_private.key b/scripts/packaging/test_repo_private.key new file mode 100644 index 000000000000..19c7ee5e3e23 --- /dev/null +++ b/scripts/packaging/test_repo_private.key @@ -0,0 +1,92 @@ +LS0tLS1CRUdJTiBQR1AgUFJJVkFURSBLRVkgQkxPQ0stLS0tLQoKbFFXR0JHV255UW9CREFDNllP +d3Y0ODBsZkUwVG1ScjZwRmtFbmpFRjhNZ1NOT1k3R1g2T21xSlo0bjNiQ3E0SwpBWGdqZk5Ic1ly +Zjl5TURDTXpiekQ2NVc0bmwrTmhVMWxaS0xJVFltMmVlWWo3Nk0rREhjMUx4V0RvOTVrVFBoClFs +UFhFWjJLS0htak9iVjJMMUtZMXRlOFRUanRBd0VGM1ljdWYrUnM3Z212YUthNTNLcTIzQkJ3cm9Y +NDMyR3AKcnQzZk9QU2xKMlhzQ0JrSlowTGFvSWF5NzRMSkNudlVJQXhZMHhKdXNZVnRtbGpTUW91 +dVUxNWQ0MUZqenoxVwpaVkZaMVdibmFtb2F1L1RnQ1ZMVVdMSUFmWnVmUEhNalNDT25XVm9lT1dW +MDZ2TE9IVTFrQzBnU3h3QmRyZWkzCnpia1ExaXAvZ21aSE5uUUd1WklzcWcxZXBsaUlsclhkWjRm +QktkYnc1cWFlVmEvV1Z1Y2pnZTRZZU83dnRHZjIKM0lNdWk1Q1hNOTloZDR5SmxpMS94dTlCSm1P +cVIyUlpTTlFCcEZQQ0FzL1FKaWp0NGVWd3diSEE5T2ZFcUE1cwp5SE1Dc21jS3RRSE0zOHY1Yksz +RjVRRDdhdjArelo4SFgyOGJBUE5UTURNY0hoZ2VNOTZUWmpHNFpUTFNMUGdxCm5XZVQ5SktRQUJW +SnJpY0FFUUVBQWY0SEF3S3pHa0lTR2pvbkxmL20yRkpYYndCbWhvbnZwVGtmOE0wMFVXOGIKNyta +eHlJelcwT0plalovTEVSdXJLUHREOTlKOVI2REk5NWpnOFhpZ1JiS3FPZUdzdnFLNWpXRW5uYlZD +WDZaMQpGSk5FZDBpS3g4M0ZBZHNEOVZjYkFERy9qK2o2d0Irc1h4a241MW05UExnTU9iNk55M0VZ +L0RXSktaU3dlaFZjCkhpSERKT3NpUW5JcVo2ZUtlUjR3dmFOTktKRS9aZUNiMUNmSVdYZUZ3N2p5 +aDNYQ0x6c0RKZ1p4aVAvbE1UTU8KYno5MVVBUFlOYU5hU2JJZnkrRDlDTVZCN3IyZU9VWC9lS29r +UC9PVTZObnlXTUxnUDUwT3VLVnJER0QxOUZlWApRZ3R2Mm1oMHE0d0MwZk9tNGJja08vbU55dmZC +NFE0T3dGMXh5UW9GTHRoemFMN2pzVVdTN2RJOGQvVjhGSVZzCnlRY09kK0JoRWtTRzNaY0VOalFR +Ly9jckxlUExXMzRIT0VFbUlsMW9MVWRENUF4T1NvM25USEdVQUF6SW9KdmUKV29RaCs5MDlITk0z +OFVnSEEvZE5wVm9GUGtHbDJkTDJiUjAzbXU3empYSHlkQzh6bkprcUhiWGd4WndNYXZSaQptR1FR +UzJWYnp2Vmh5bVMzenVPUW1qVjNKeEM1WUN2OHRCdXN1UkMyRWtnUzVLQ2ZERVVNUjRiSVJVOVRy +d0kzClNCQWlESHZkK3p2MWVuTktuWHZ2bjUvSEw2ZE9NR2RGZnRhMS85UkJpWWZMRW9DMVRaalBv +bHV1cUREdkJIZVkKckZKa0tnb3Zscm5CY1gzNkJ5ZU5IdXIvRHc3V0pxbzhVcjNWR29tMm02dXV3 +QkpRL2hvS3NXT3NTU3ZFOUdLMwpvOGxqeDNCak51Qkd1L0ozbi9oR2FRQXE3dlFHM050S1I2Zm9k +bDNVaDc4RmgyTXRVUG5iZ2tYS1YrWkVraVNYCkRoTTBDdVMzSmk4dEg1MGtpNjcwcHlQbi8vbWpM +MWdkaDJvMzQ0dlh5RUx3SDdwdytCWHZDbVpCWUp2dE1BVnAKalQ1VTg3eFdoWDFicDF0UHlQUEcy +SHNlNkV4cituVFA3OHgrYUw1eEhPZkJQbk0rZVNpVktSSk9mOENVcG9qbApCS2pod0dhTWF5cDFT +b0cvUEZlTCtZckNjSVF1TldMeU85VVVtOEVJRjdXRDBEbTJqWGFHbnloNnZkQjk4SmNICjhnanZ3 +a29PS2g2MmRkN3kyZWRhRXBZMnhZMHBsTzZabUM1aDI5MVQzT1NoeGt2clY1ZEtHRVJzdkpXODBp +cSsKYW5qT1JTOFk4Q1pwUk5KMnVhQXdqSkhaSHZoK2pJN01wR3p0SmhKWUZ2NUlLS0ZFN0JSa0dx +VVVaejJzNU96YgpMRURNaFJQZEJ0cC9NbGRqeDRPSkZxWWsyT0s2TERuMHRPRnFuWGpHUWJaZzd3 +NjNtRjNnSnJSTVZZMEFDQmNZCitsOVRsQzFJdkp3b2VhdXlMeldFcnVhRjJqSjBOeUkzRzRUY2tP +RkxrK3BzT21pcjduZlpIdFh2NFVLSkdSTmEKVThsMDhKWjNJV3kyN2Y2Y0VnNDVONk16b2JJS1pt +ZHZXWFBIZTJOeURub0hydG5hTUNsUzVhbEV6dEpVT0h2WAoxV0Q5V3dXeEhCOHpKS1g3YXdiYzBa +NnBnOEdhVGdrb1hENnc0cHlPYjAxMExrZHRNSDlpTjRDeENHekpkSTlLClpNUFR2RUdyY2w3VzQx +cGlsM3Y2MnZnQWo2VGZrazhweDdRa1RtOXRZV1JwWXlCTVlXSnpJRHhwYm1adlFHNXYKYldGa2FX +TXRiR0ZpY3k1amIyMCtpUUhVQkJNQkNnQStGaUVFczM2NWN0WFNkYUpEV1U3S3o4U0M4ODBJMDIw +RgpBbVdueVFvQ0d3TUZDUUhoTTRBRkN3a0lCd0lHRlFvSkNBc0NCQllDQXdFQ0hnRUNGNEFBQ2dr +UXo4U0M4ODBJCjAyMkxpUXdBc1VGYkRuMXFKTkNza3pUMHFtbzR4Nnh3cUhCcDN6dFdUQ1VaVUZu +MWluVzJ5Y3JrQnU0Sml5VloKRHRBR21aK3V3WEhULzI2UGE5QjJOTFVHa3F0SDN3VjJIWjd6Q0lV +TGo5UWU1Y2pJcFJvQU5DUmRIdGUwNGc4MgpSWEZmcWVzQVZkT1BabldHVEY4aVhxUURKUGlDN0tM +aVlvYU5xcXh4eU4vbE9TRWx2QldVMzFlWlF5dUFZY0xZCkNzWHVWRTRvSHJPR1JEa1hNeGFwcjl5 +TDNpK3FuZnFTVjExS1MzbHZ1eitLU1pPeUtjUEd5TUJYc3crejFxb1EKWUw4SllPRFREZ2E4R0cw +OTQyTW5rQTlZNnY0OUdQY2o3enhDSVN6THBkQmtKckViSlNpQjNtS0hKclpKMDNHVgp2OWpBQ1V0 +S3JnTldTbEs1bmRycU94ZHlycW55MHFuSWVCd1Y4ZUxBeU5mQjZWMXd5c0MzWUFVaW1nZU5oK0Iw +ClhML1RDMEZpMEp3NEo0b3FDRlBHZnl5TGNlNTJzSTJidkJRd0VBRHNsWTlwM2k3VnBNZ1lMMnQv +VmgyMVNkSmcKalV3S0UvY0Q2TW5VaGRvWXNER0lFS0c0QWpWTStuamFzS0F5aXgwMTZNZDhPUUF4 +OEc0RlcxVUV1RCtjV053MApvSDdPamp3d25RV0ZCR1dueVFvQkRBREJqOERRa3c0Wm1JUjhZZXE2 +Mi9SUStrTFh6RzJtSGNmaCs4Z3N3d0E4CnNBTnZpd3BoVzlNUFZtYmxaNlFYQlo0RzlFUnJBem5m +M2JETHFHV3c3Sm5nakprcmlNS3Z6TGZqM1VqbHRtZFYKZlZsd1lycmZsbVRjR0FhNE5iNkJqK0lJ +aDZlcllYcXkwdGFlRWxRK24vY05RVlBIZWtjb2FRczhEd1pFMmhHaAppRVlFVHhwTDYzUmY1R3VD +ZkJwaCt1N3NXV21iSlNXMWtudngzSnh2dmxrRlJTYlpWSWgvYkwrSGo1TWxhV0x0CnRHRlg2ay9X +TEtPZXBkU1l2MjRxUTJBTDdLZ3dEUStZNloyTlN5TVVIQ3pQT3Y4Y3dsbGtNd1JyV1VncXlpWFgK +YUJXSGhYZkMvWUFrWkJTZXJMMTJiYXFpSHVBaU1CNDF0ZDVXUlpxUVkrM0pycW9vYmtLbUJCVkxt +NlZxZ1RBNApyQlFOWWhWTGNMaWVPU2NLR0cweFpyeFNtUlJXdFA1OVlQOTZ2elJyRFpyMHlCUm14 +VFluVk14UEJmbHV6eWJaClF5bHVXbU1kQU9NNE1JYmFRU2x1MWRBM0dvSlM3anFTMFIwOE4ySkJ3 +U3hqSmZWblN4M0x5WS95RGIxNitvWEQKamxOQ2d2L2hXb2svMWZRR2haUkVkeHNBRVFFQUFmNEhB +d0t0SE1KSnlZSFpndjkwME4wVnhkQStrckplQnFiYgpFNmFJR1o3VElHaXo0ZzVxRFF2ZkZDVVpR +VENTRzZySjFJVWZKejZpay80Q1Q0NE5YYUVmR0JXa2FEYmx5eEl5CjZKTm90eFk1QTdFOU55Njgv +aXhBS0hyd2dqV2E3R0M2SWlrMmsrWlNQS3gxN3ROUzBkUDFFZklPVnl1cVRBeDcKeEc2R3pIYzAy +Lzg2V2puK05KbEFVSGR3amRNRUU4c1FTbklEakVNeW54UzVMZjdSWVQ0QkJkQkRZa2tianJsSQph +SHp3M2p0VXBIUUJpYzhvWVloUm5rOUcwWFdodDRmU0diMk9lNzBiam1Db0diMzYwOHlxalR4UlVY +bHAvT25pCmJrOXJaZlBxcFI0b2FMRGVCK2REZWxNUTg0Z2ZJYWt2RHY0V3NLT0w2TjY2VGp1VmNh +aHJ6dUpRMzl0SE96cjkKWDNuYjRFZFV0VDdOVkh6TzY0dEM4U0NNekZmQmJkcmt3cHk3eWFvUmFJ +NjV2MDBkTnZvRlhGY21oUEtJQ1QxZAp4NmQyWnZLSEtycVZUMFllajZxSlRSSzJvT2ZtcnF0cXFt +YWs5SDAxaGFjMXZ6cndSYURzZkNZa3hNU0QxQVpXCkdORXhlTmE1bUdaNmt5ZEp4bk9LaVRNMDky +R09iZm1EUFZjbU1qWnQ2YVRFRlM1bWhCdmNTWm9mRXpibGF0RjEKNGZVdGRnQlo1cStva29CMkhJ +TVJBMGhFYkJwTGh6UGw3T09jV0ZzNEQ1SnlZTzZ2ODh4NnZwWmZ2d3V4aDJGOAprc21KbGtLWDdZ +VnRnQndVL0htZ0hjR1BqKzVuejNFZ0NKd0UxWjZEeTFnd3lsb3l3RzZZZTYyem5KcnZycjVHCjAy +UWtlU3QrUEd2bXJjRVFUR2hSNFN5V1JRZzNFZVpXeHBucXdjczdmNUd3TUpGdnNIajJnSXRqNTI3 +R1VTNVUKTytUcDBYaGlQbjFKa3dIdlZBMDZzNDU3YlJkN1NlenlWTGpSNW81SFFwbXRoKzh6LzVP +UW9nWlRocHl5RkNlZQpobzNwTHJiOGw4QmZjcEVFSW55Z1ZabGVJV3ZoOHhlakxiUlM4TXRmWXpI +d2lNNlV3aENFNVd0TldGTzg0L3RLCnh4RlhkZERNV2xOOW85UXJ0MFJSRitPTHg1anRDdmU4d2or +aGxGUHl5ZGRKYVVwdGZFMkp1REN1Zllob3AzSDEKd3MzR3hpbjBqVjcrRVlxSWRHZm52eG5lY0N1 +V2pzSGNTYjJTZG52bVJUUysvbnRzVDJBNWdpV2ZyMHBSWWw5SwpDT0syN211czlSTTVaMm1FZkJs +SCtDYnpKc3F4N1NlaUFBMm5OU1k5WklhbG5uaFkxdTMvMXBPSTV4M2JxajdQClplL2M0dlh6WkRx +RC9GeGI4eGN1aTNXUHBrUUFocEZVT2tyZ3EzMmhyVVZ5aEFiczZPOUpiVXRmUmIxVWxEaUsKa2ha +V1lDYWRvem1VSU9ONnBQWHZsVjFZZ1ZPZ2VJa255MWJUUHhLK1BwcjBOcHNOR0dTU2NiWmZUQ1g2 +Mk1FTgozQU9WUmx6emJZemZha1N3ZEtKbk5CWGZ1aHpQeGVKQk85eWU3ZkxGeGlLN1Y0dnRsRWl4 +VDQwNjhleWxLNHBlCmorSUVVaGNsdkl1RExnN21xWm9jSDA3c01ETjZWT3puTnZCV2I3Qy80cEZM +UWdWTFY5ZTJtazJZckZ3US9XMm4KbnFWMkRxWm9ZZmFUc2gvbWdKYi9MbWNQUGI5NVllZ2I0TDlI +R0VLQ2lRRzhCQmdCQ2dBbUZpRUVzMzY1Y3RYUwpkYUpEV1U3S3o4U0M4ODBJMDIwRkFtV255UW9D +R3d3RkNRSGhNNEFBQ2drUXo4U0M4ODBJMDIzRUZRdi9hcGZBCmd0QzhhVjZKWFNIcEs5cE1JcVlZ +cDhxQkpCTFowbHpDbEwvaWhGOFFCemoyeFhQaEwxcnM1dDlUK1BIVVcybE4KZTBPZzJDY3k4OU5y +bnpDeENoWWlQZUlFNEtJN29NcVpJbEZvSHNxQVI5RXpKbUhZMGI1Qjd3WG42OXBqcFZKbgp6d0RZ +Q0hRRHBFZ2pZYlZEdDVLajlxM1REVjJZSDVzMnhna2pHNmV0bkNpMDJqNDg0SE5KNWJjdWZEKzF2 +VFNvCmxyTVliN05LNENwNWF2L2JqdjRkcVAyNVFNM3B2dGZGSW96MTFNTHNvVnBKWE14b2poTmRh +NlpuNUVoQ0NPMFUKVWJIVCtJeXZLc1JHb3pDdHlmc1N0VjJlM1R6TUVvR0FMQmFDMFh3WXEzTndJ +d1MvbGxvRVJXUnNCTC9xUXZRYQpSaGhUK1NHckkvU0czNFhpUmNlcmFHSW9lWmI4cCtkd0xmWE8z +eTJaZzdKVkRHNkNhK3U1QmdWQlBpVUhDYk42Cnkvdzk4OVNEWnU3QjVnRWhDdUovb0xFejFuUzBv +bEJxK1ZlSGpPUy9wZGFiRFQ5ZGsrbDdpei8zSE9idE9zZTIKR3o3ck9iVDZPQ2hJU0dzNmlQWlJu +SC9WS1hWUzljWXBITzRWMTBPVjRJWWpIN2hTY2x6WVU2YlNJemVWCj10Z1Y4Ci0tLS0tRU5EIFBH +UCBQUklWQVRFIEtFWSBCTE9DSy0tLS0tCg== -- GitLab From 47d0e353739f41bc8d4ee556ed4fc54080ff7f7a Mon Sep 17 00:00:00 2001 From: Pietro Abate Date: Thu, 6 Jun 2024 14:23:00 +0200 Subject: [PATCH 3/8] CIAO: move current packages build in child pipeline --- .gitlab/ci/pipelines/debian_repository.yml | 117 ++++++++++++++++++++ ci/bin/debian_repository.ml | 111 ++++++++++++++++++- docs/introduction/install-bin-deb.sh | 54 +++++++-- scripts/ci/build-debian-packages_current.sh | 22 ++++ scripts/ci/create_debian_repo.sh | 11 +- 5 files changed, 301 insertions(+), 14 deletions(-) create mode 100755 scripts/ci/build-debian-packages_current.sh diff --git a/.gitlab/ci/pipelines/debian_repository.yml b/.gitlab/ci/pipelines/debian_repository.yml index e1cc6d43dce4..e673258c0b72 100644 --- a/.gitlab/ci/pipelines/debian_repository.yml +++ b/.gitlab/ci/pipelines/debian_repository.yml @@ -107,3 +107,120 @@ oc.build-ubuntu: TAGS: - gcp - gcp_arm64 + +oc.build-debian-current: + image: $DEP_IMAGE:${CI_COMMIT_REF_SLUG} + stage: packaging + tags: + - $TAGS + dependencies: [] + script: + - export CARGO_NET_OFFLINE=false + - ./scripts/ci/build-debian-packages_current.sh + variables: + DEP_IMAGE: registry.gitlab.com/tezos/tezos/build-$DISTRIBUTION-$RELEASE + DISTRIBUTION: debian + artifacts: + paths: + - packages/$DISTRIBUTION/$RELEASE + parallel: + matrix: + - RELEASE: + - unstable + - bookworm + TAGS: + - gcp + - gcp_arm64 + +oc.build-ubuntu-current: + image: $DEP_IMAGE:${CI_COMMIT_REF_SLUG} + stage: packaging + tags: + - $TAGS + dependencies: [] + script: + - export CARGO_NET_OFFLINE=false + - ./scripts/ci/build-debian-packages_current.sh + variables: + DEP_IMAGE: registry.gitlab.com/tezos/tezos/build-$DISTRIBUTION-$RELEASE + DISTRIBUTION: ubuntu + artifacts: + paths: + - packages/$DISTRIBUTION/$RELEASE + parallel: + matrix: + - RELEASE: + - focal + - jammy + TAGS: + - gcp + - gcp_arm64 + +apt_repo_debian_current: + image: debian:bookworm + stage: packaging + tags: + - gcp + needs: + - oc.build-debian-current + dependencies: + - oc.build-debian-current + before_script: + - . ./scripts/version.sh + - ./scripts/ci/prepare-apt-repo.sh + script: + - ./scripts/ci/create_debian_repo.sh debian bookworm + variables: + ARCHITECTURES: amd64 + GNUPGHOME: $CI_PROJECT_DIR/.gnupg + +apt_repo_ubuntu_current: + image: public.ecr.aws/lts/ubuntu:20.04_stable + stage: packaging + tags: + - gcp + needs: + - oc.build-ubuntu-current + dependencies: + - oc.build-ubuntu-current + before_script: + - . ./scripts/version.sh + - ./scripts/ci/prepare-apt-repo.sh + script: + - ./scripts/ci/create_debian_repo.sh ubuntu focal jammy + variables: + ARCHITECTURES: amd64 + GNUPGHOME: $CI_PROJECT_DIR/.gnupg + +oc.install_bin_ubuntu_focal: + image: public.ecr.aws/lts/ubuntu:20.04_stable + stage: packaging + tags: + - gcp + needs: + - apt_repo_ubuntu_current + dependencies: [] + script: + - ./docs/introduction/install-bin-deb.sh ubuntu focal + +oc.install_bin_ubuntu_jammy: + image: public.ecr.aws/lts/ubuntu:22.04_stable + stage: packaging + tags: + - gcp + needs: + - apt_repo_ubuntu_current + dependencies: [] + script: + - ./docs/introduction/install-bin-deb.sh ubuntu jammy + +oc.install_bin_debian_bookworm: + image: debian:bookworm + stage: packaging + tags: + - gcp + needs: + - apt_repo_debian_current + dependencies: [] + script: + - ./docs/introduction/install-bin-deb.sh debian bookworm diff --git a/ci/bin/debian_repository.ml b/ci/bin/debian_repository.ml index 27839ec9942e..102de6d979ef 100644 --- a/ci/bin/debian_repository.ml +++ b/ci/bin/debian_repository.ml @@ -8,7 +8,7 @@ (* This module defines the jobs of the [debian_repository] child pipeline. - This pipeline builds the post-v19.1 Debian (and Ubuntu) + This pipeline builds the current and next Debian (and Ubuntu) packages. *) open Gitlab_ci.Types @@ -33,6 +33,28 @@ let debian_package_release_matrix = let ubuntu_package_release_matrix = [[("RELEASE", ["focal"; "jammy"]); ("TAGS", ["gcp"; "gcp_arm64"])]] +(* Push .deb artifacts to storagecloud apt repository. *) +let job_apt_repo ?rules ~__POS__ ~name ?(stage = Stages.packaging) ?dependencies + ?(archs = [Amd64]) ~image script : tezos_job = + let variables = + [ + ( "ARCHITECTURES", + String.concat " " (List.map Tezos_ci.arch_to_string_alt archs) ); + ("GNUPGHOME", "$CI_PROJECT_DIR/.gnupg"); + ] + in + job + ?rules + ?dependencies + ~__POS__ + ~stage + ~name + ~image + ~before_script: + (before_script ~source_version:true ["./scripts/ci/prepare-apt-repo.sh"]) + ~variables + script + let jobs = let variables add = ("DEP_IMAGE", "registry.gitlab.com/tezos/tezos/build-$DISTRIBUTION-$RELEASE") @@ -63,7 +85,8 @@ let jobs = ~distribution:"ubuntu" ~matrix:ubuntu_package_release_matrix in - let make_job_build_debian_packages ~__POS__ ~name ~matrix ~distribution = + let make_job_build_debian_packages ~__POS__ ~name ~matrix ~distribution + ~script = job ~__POS__ ~name @@ -88,15 +111,38 @@ let jobs = {{:https://docs.gitlab.com/ee/ci/variables/index.html#cicd-variable-precedence}here} for more info. *) "export CARGO_NET_OFFLINE=false"; - "./scripts/ci/build-debian-packages.sh"; + script; ] in + + (* These jobs build the current packages in a matrix using the + build dependencies images *) + let job_build_debian_package_current : tezos_job = + make_job_build_debian_packages + ~__POS__ + ~name:"oc.build-debian-current" + ~distribution:"debian" + ~matrix:debian_package_release_matrix + ~script:"./scripts/ci/build-debian-packages_current.sh" + in + let job_build_ubuntu_package_current : tezos_job = + make_job_build_debian_packages + ~__POS__ + ~name:"oc.build-ubuntu-current" + ~distribution:"ubuntu" + ~matrix:ubuntu_package_release_matrix + ~script:"./scripts/ci/build-debian-packages_current.sh" + in + + (* These jobs build the next packages in a matrix using the + build dependencies images *) let job_build_debian_package : tezos_job = make_job_build_debian_packages ~__POS__ ~name:"oc.build-debian" ~distribution:"debian" ~matrix:debian_package_release_matrix + ~script:"./scripts/ci/build-debian-packages.sh" in let job_build_ubuntu_package : tezos_job = make_job_build_debian_packages @@ -104,10 +150,69 @@ let jobs = ~name:"oc.build-ubuntu" ~distribution:"ubuntu" ~matrix:ubuntu_package_release_matrix + ~script:"./scripts/ci/build-debian-packages.sh" + in + + (* These create the apt repository for the current packages *) + let job_apt_repo_debian_current = + job_apt_repo + ~__POS__ + ~name:"apt_repo_debian_current" + ~dependencies:(Dependent [Artifacts job_build_debian_package_current]) + ~image:Images.debian_bookworm + ["./scripts/ci/create_debian_repo.sh debian bookworm"] + in + let job_apt_repo_ubuntu_current = + job_apt_repo + ~__POS__ + ~name:"apt_repo_ubuntu_current" + ~dependencies:(Dependent [Artifacts job_build_ubuntu_package_current]) + ~image:Images.ubuntu_focal + ["./scripts/ci/create_debian_repo.sh ubuntu focal jammy"] + in + + (* These test the installability of the current packages *) + let test_current_packages_jobs = + let job_install_bin ~__POS__ ~name ~dependencies ~image ?allow_failure + script = + job + ?allow_failure + ~__POS__ + ~name + ~image + ~dependencies + ~stage:Stages.packaging + script + in + [ + job_install_bin + ~__POS__ + ~name:"oc.install_bin_ubuntu_focal" + ~dependencies:(Dependent [Job job_apt_repo_ubuntu_current]) + ~image:Images.ubuntu_focal + ["./docs/introduction/install-bin-deb.sh ubuntu focal"]; + job_install_bin + ~__POS__ + ~name:"oc.install_bin_ubuntu_jammy" + ~dependencies:(Dependent [Job job_apt_repo_ubuntu_current]) + ~image:Images.ubuntu_jammy + ["./docs/introduction/install-bin-deb.sh ubuntu jammy"]; + job_install_bin + ~__POS__ + ~name:"oc.install_bin_debian_bookworm" + ~dependencies:(Dependent [Job job_apt_repo_debian_current]) + ~image:Images.debian_bookworm + ["./docs/introduction/install-bin-deb.sh debian bookworm"]; + ] in [ job_docker_build_debian_dependencies; job_docker_build_ubuntu_dependencies; job_build_debian_package; job_build_ubuntu_package; + job_build_debian_package_current; + job_build_ubuntu_package_current; + job_apt_repo_debian_current; + job_apt_repo_ubuntu_current; ] + @ test_current_packages_jobs diff --git a/docs/introduction/install-bin-deb.sh b/docs/introduction/install-bin-deb.sh index def849092255..7eb0176ef51f 100755 --- a/docs/introduction/install-bin-deb.sh +++ b/docs/introduction/install-bin-deb.sh @@ -2,18 +2,52 @@ distribution=$1 release=$2 -rc=$3 - -# this is the default bucket using for testing -bucket="tezos-linux-repo" -if [ "${CI_COMMIT_REF_PROTECTED:-false}" = true ]; then - # this is the release bucket used only on - # protected release branches - bucket="tezos-linux-protected-repo" + +# check if it's a real or a fake release or we are testing +# the packages in a branch +if [ -n "${CI_COMMIT_TAG:-}" ]; then + # shellcheck source=./scripts/ci/octez-release.sh + . ./scripts/ci/octez-release.sh fi -if [ "$rc" = "rc" ]; then - distribution="RC/$distribution" +# If it's a protected branch the value of $bucket will +# be set accordingly but the CI. +bucket="$GCP_LINUX_PACKAGES_BUCKET" + +# This logic must be kept in sync with the script in +# ./scripts/ci/create_debian_repo.sh + +# if it's a release tag, then it can be a RC release +# or a final release. This can be on a protected branch or not. +if [ -n "${gitlab_release_no_v:-}" ]; then + # It a release tag, this can be either final or release + # candidate + if [ -n "${gitlab_release_rc_version}" ]; then + # Release candidate + distribution="RC/$distribution" + fi + # else we just that $distribution as it is +else + # Not a release tag. This is strictly for testing. + if [ "${CI_COMMIT_REF_PROTECTED:-false}" = true ]; then + # this is not a release, but it's a protected branch. + # We allow this only for the master branch. + if [ "$CI_COMMIT_REF_NAME" = "master" ]; then + distribution="master/$distribution" + else + echo "Cannot test for a protected branch that \ + is not associated with a release tag or it's master" + exit 1 + fi + else + # Not a release, not a protected branch + if [ "$CI_COMMIT_REF_NAME" = "RC" ]; then + echo "Cannot test a repository for a branch named 'RC'" + exit 1 + else + distribution="$CI_COMMIT_REF_NAME/$distribution" + fi + fi fi set -e diff --git a/scripts/ci/build-debian-packages_current.sh b/scripts/ci/build-debian-packages_current.sh new file mode 100755 index 000000000000..cbdc8d64ba91 --- /dev/null +++ b/scripts/ci/build-debian-packages_current.sh @@ -0,0 +1,22 @@ +#!/bin/sh +set -e + +BUILDDIR=$(pwd) +export BLST_PORTABLE=true + +# Prepare the building area: copying all files from +# the dependency image a staging area. This is necessary +# to build on arm64 where the BUILDDIR is in ram. +cp -a ./* /root/tezos/ +cd /root/tezos/ + +# shellcheck disable=SC1091 +. "$HOME/.cargo/env" +eval "$(opam env)" + +# Build octez debian packages +make dpkg + +# Move the debian package to be packed as artifacts +mkdir -p "$BUILDDIR/packages/$DISTRIBUTION/$RELEASE" +cp -a -- *.deb "$BUILDDIR/packages/$DISTRIBUTION/$RELEASE" diff --git a/scripts/ci/create_debian_repo.sh b/scripts/ci/create_debian_repo.sh index 1d47508517f0..4ab6de6fe17f 100755 --- a/scripts/ci/create_debian_repo.sh +++ b/scripts/ci/create_debian_repo.sh @@ -43,6 +43,8 @@ shift # E.g. 'jammy focal', 'bookworm' RELEASES=$* +# If it's a protected branch the value of $bucket will +# be set accordingly but the CI. BUCKET="$GCP_LINUX_PACKAGES_BUCKET" oldPWD=$PWD @@ -54,6 +56,9 @@ if [ -n "${CI_COMMIT_TAG:-}" ]; then . ./scripts/ci/octez-release.sh fi +#This logic must be kept in sync with the installation tests scripts in +# docs/introduction/install-bin-deb.sh + # if it's a release tag, then it can be a RC release or a final release if [ -n "${gitlab_release_no_v:-}" ]; then # It a release tag, this can be either a real or test release @@ -70,14 +75,17 @@ else GPG_KEY_ID="CFC482F3CD08D36D" GPG_PASSPHRASE="07cde771b39a4ed394864baa46126b" GPG_PRIVATE_KEY=$(cat ./scripts/packaging/test_repo_private.key) - if [ ! "$CI_COMMIT_REF_PROTECTED" = "true" ]; then + if [ "$CI_COMMIT_REF_PROTECTED" = "false" ]; then if [ "$CI_COMMIT_REF_NAME" = "RC" ]; then echo "Cannot create a repository for a branch named 'RC'" exit 1 else + # Branch is not protected, this is for testing ordinary MRs TARGETDIR="public/$CI_COMMIT_REF_NAME/$DISTRIBUTION" fi else + # For protected branches that are not release, we allow + # a repository only for master. if [ "$CI_COMMIT_REF_NAME" = "master" ]; then TARGETDIR="public/master/$DISTRIBUTION" else @@ -128,6 +136,7 @@ for architecture in $ARCHITECTURES; do # amd64, arm64 ... gpg --batch --passphrase-fd 0 --pinentry-mode loopback \ -u "$GPG_KEY_ID" --clearsign \ -o "dists/${release}/InRelease" "dists/${release}/Release" + cd - done # back to base cd "$oldPWD" -- GitLab From 96e8586918b59b3da48dfa2982690647b799bb62 Mon Sep 17 00:00:00 2001 From: Pietro Abate Date: Thu, 6 Jun 2024 11:49:21 +0200 Subject: [PATCH 4/8] packaging current: remove all install tests for deb packages from the main pipeline --- .gitlab/ci/pipelines/before_merging.yml | 108 ------------------ .../ci/pipelines/schedule_extended_test.yml | 72 ------------ ci/bin/code_verification.ml | 65 +---------- 3 files changed, 1 insertion(+), 244 deletions(-) diff --git a/.gitlab/ci/pipelines/before_merging.yml b/.gitlab/ci/pipelines/before_merging.yml index 1254ba40a7cc..7f334b17abb5 100644 --- a/.gitlab/ci/pipelines/before_merging.yml +++ b/.gitlab/ci/pipelines/before_merging.yml @@ -2600,114 +2600,6 @@ resto.unit:arm64: script: - dune runtest resto -oc.install_bin_ubuntu_focal: - image: public.ecr.aws/lts/ubuntu:20.04_stable - stage: test - tags: - - gcp - rules: - - changes: - - docs/introduction/install*.sh - when: on_success - - when: manual - allow_failure: true - needs: - - trigger - dependencies: [] - allow_failure: true - script: - - ./docs/introduction/install-bin-deb.sh ubuntu focal - -oc.install_bin_ubuntu_jammy: - image: public.ecr.aws/lts/ubuntu:22.04_stable - stage: test - tags: - - gcp - rules: - - changes: - - docs/introduction/install*.sh - when: on_success - - when: manual - allow_failure: true - needs: - - trigger - dependencies: [] - allow_failure: true - script: - - ./docs/introduction/install-bin-deb.sh ubuntu jammy - -oc.install_bin_rc_ubuntu_focal: - image: public.ecr.aws/lts/ubuntu:20.04_stable - stage: test - tags: - - gcp - rules: - - changes: - - docs/introduction/install*.sh - when: on_success - - when: manual - allow_failure: true - needs: - - trigger - dependencies: [] - allow_failure: true - script: - - ./docs/introduction/install-bin-deb.sh ubuntu focal rc - -oc.install_bin_rc_ubuntu_jammy: - image: public.ecr.aws/lts/ubuntu:22.04_stable - stage: test - tags: - - gcp - rules: - - changes: - - docs/introduction/install*.sh - when: on_success - - when: manual - allow_failure: true - needs: - - trigger - dependencies: [] - allow_failure: true - script: - - ./docs/introduction/install-bin-deb.sh ubuntu jammy rc - -oc.install_bin_debian_bookworm: - image: debian:bookworm - stage: test - tags: - - gcp - rules: - - changes: - - docs/introduction/install*.sh - when: on_success - - when: manual - allow_failure: true - needs: - - trigger - dependencies: [] - allow_failure: true - script: - - ./docs/introduction/install-bin-deb.sh debian bookworm - -oc.install_bin_rc_debian_bookworm: - image: debian:bookworm - stage: test - tags: - - gcp - rules: - - changes: - - docs/introduction/install*.sh - when: on_success - - when: manual - allow_failure: true - needs: - - trigger - dependencies: [] - allow_failure: true - script: - - ./docs/introduction/install-bin-deb.sh debian bookworm rc - oc.install_opam_jammy: image: ocaml/opam:ubuntu-22.04 stage: test diff --git a/.gitlab/ci/pipelines/schedule_extended_test.yml b/.gitlab/ci/pipelines/schedule_extended_test.yml index ebc91a50f01f..94a87ba5272f 100644 --- a/.gitlab/ci/pipelines/schedule_extended_test.yml +++ b/.gitlab/ci/pipelines/schedule_extended_test.yml @@ -2282,78 +2282,6 @@ resto.unit:arm64: script: - dune runtest resto -oc.install_bin_ubuntu_focal: - image: public.ecr.aws/lts/ubuntu:20.04_stable - stage: test - tags: - - gcp - rules: - - when: always - dependencies: [] - allow_failure: true - script: - - ./docs/introduction/install-bin-deb.sh ubuntu focal - -oc.install_bin_ubuntu_jammy: - image: public.ecr.aws/lts/ubuntu:22.04_stable - stage: test - tags: - - gcp - rules: - - when: always - dependencies: [] - allow_failure: true - script: - - ./docs/introduction/install-bin-deb.sh ubuntu jammy - -oc.install_bin_rc_ubuntu_focal: - image: public.ecr.aws/lts/ubuntu:20.04_stable - stage: test - tags: - - gcp - rules: - - when: always - dependencies: [] - allow_failure: true - script: - - ./docs/introduction/install-bin-deb.sh ubuntu focal rc - -oc.install_bin_rc_ubuntu_jammy: - image: public.ecr.aws/lts/ubuntu:22.04_stable - stage: test - tags: - - gcp - rules: - - when: always - dependencies: [] - allow_failure: true - script: - - ./docs/introduction/install-bin-deb.sh ubuntu jammy rc - -oc.install_bin_debian_bookworm: - image: debian:bookworm - stage: test - tags: - - gcp - rules: - - when: always - dependencies: [] - allow_failure: true - script: - - ./docs/introduction/install-bin-deb.sh debian bookworm - -oc.install_bin_rc_debian_bookworm: - image: debian:bookworm - stage: test - tags: - - gcp - rules: - - when: always - dependencies: [] - allow_failure: true - script: - - ./docs/introduction/install-bin-deb.sh debian bookworm rc - oc.install_opam_jammy: image: ocaml/opam:ubuntu-22.04 stage: test diff --git a/ci/bin/code_verification.ml b/ci/bin/code_verification.ml index 24b6855902cb..4b8807f442bb 100644 --- a/ci/bin/code_verification.ml +++ b/ci/bin/code_verification.ml @@ -1203,44 +1203,12 @@ let jobs pipeline_type = in (* The set of installation test jobs *) let jobs_install_octez : tezos_job list = - let install_octez_rules = - make_rules - ~changes:(Changeset.make ["docs/introduction/install*.sh"]) - ~manual:Yes - () - in let compile_octez_rules = make_rules ~changes:(Changeset.make ["docs/introduction/compile-sources.sh"]) ~manual:Yes () in - (* Test installation of the current deb binary packages. *) - let job_install_bin ~__POS__ ~name - ?(allow_failure : Gitlab_ci.Types.allow_failure_job = Yes) - ?(rc = false) distribution = - let script = - match distribution with - | Ubuntu_focal -> - sf "./docs/introduction/install-bin-deb.sh ubuntu focal" - ^ if rc then " rc" else "" - | Ubuntu_jammy -> - sf "./docs/introduction/install-bin-deb.sh ubuntu jammy" - ^ if rc then " rc" else "" - | Debian_bookworm -> - sf "./docs/introduction/install-bin-deb.sh debian bookworm" - ^ if rc then " rc" else "" - in - job - ~allow_failure - ~__POS__ - ~name - ~image:(image_of_distribution distribution) - ~dependencies:dependencies_needs_start - ~rules:install_octez_rules - ~stage:Stages.test - [script] - in let job_install_opam_jammy : tezos_job = job ~__POS__ @@ -1271,38 +1239,7 @@ let jobs pipeline_type = [sf "./docs/introduction/compile-sources.sh %s %s" project branch] |> enable_networked_cargo in - [ - (* Test installing binary / binary RC distributions in all distributions. *) - job_install_bin - ~__POS__ - ~name:"oc.install_bin_ubuntu_focal" - Ubuntu_focal; - job_install_bin - ~__POS__ - ~name:"oc.install_bin_ubuntu_jammy" - Ubuntu_jammy; - job_install_bin - ~__POS__ - ~name:"oc.install_bin_rc_ubuntu_focal" - ~rc:true - Ubuntu_focal; - job_install_bin - ~__POS__ - ~name:"oc.install_bin_rc_ubuntu_jammy" - ~rc:true - Ubuntu_jammy; - job_install_bin - ~__POS__ - ~name:"oc.install_bin_debian_bookworm" - Debian_bookworm; - job_install_bin - ~__POS__ - ~name:"oc.install_bin_rc_debian_bookworm" - ~rc:true - Debian_bookworm; - (* Test installing through opam *) - job_install_opam_jammy; - ] + [(* Test installing through opam *) job_install_opam_jammy] @ match pipeline_type with (* These tests make sure that the compilation instructions -- GitLab From 01ece1bd3e516c9489e719edf972080eae8f578b Mon Sep 17 00:00:00 2001 From: Pietro Abate Date: Thu, 6 Jun 2024 12:58:46 +0200 Subject: [PATCH 5/8] packaging: remove redundant packaging job from release pipeline --- .../ci/pipelines/octez_release_tag_test.yml | 24 +++---------------- ci/bin/release_tag.ml | 23 ++++++------------ 2 files changed, 10 insertions(+), 37 deletions(-) diff --git a/.gitlab/ci/pipelines/octez_release_tag_test.yml b/.gitlab/ci/pipelines/octez_release_tag_test.yml index e4029812ed14..be139e16801a 100644 --- a/.gitlab/ci/pipelines/octez_release_tag_test.yml +++ b/.gitlab/ci/pipelines/octez_release_tag_test.yml @@ -282,7 +282,7 @@ gitlab:release: - ./scripts/ci/restrict_export_to_octez_source.sh - ./scripts/ci/gitlab-release.sh -apt_repo_debian_bookworm: +apt_repo_debian: image: debian:bookworm stage: prepare_release tags: @@ -300,7 +300,7 @@ apt_repo_debian_bookworm: ARCHITECTURES: amd64 GNUPGHOME: $CI_PROJECT_DIR/.gnupg -apt_repo_ubuntu_focal: +apt_repo_ubuntu: image: public.ecr.aws/lts/ubuntu:20.04_stable stage: prepare_release tags: @@ -313,25 +313,7 @@ apt_repo_ubuntu_focal: - . ./scripts/version.sh - ./scripts/ci/prepare-apt-repo.sh script: - - ./scripts/ci/create_debian_repo.sh ubuntu focal - variables: - ARCHITECTURES: amd64 - GNUPGHOME: $CI_PROJECT_DIR/.gnupg - -apt_repo_ubuntu_jammy: - image: public.ecr.aws/lts/ubuntu:22.04_stable - stage: prepare_release - tags: - - gcp - needs: - - oc.build:dpkg:amd64 - dependencies: - - oc.build:dpkg:amd64 - before_script: - - . ./scripts/version.sh - - ./scripts/ci/prepare-apt-repo.sh - script: - - ./scripts/ci/create_debian_repo.sh ubuntu jammy + - ./scripts/ci/create_debian_repo.sh ubuntu focal jammy variables: ARCHITECTURES: amd64 GNUPGHOME: $CI_PROJECT_DIR/.gnupg diff --git a/ci/bin/release_tag.ml b/ci/bin/release_tag.ml index 192883c487e0..cfb15fe86592 100644 --- a/ci/bin/release_tag.ml +++ b/ci/bin/release_tag.ml @@ -112,26 +112,18 @@ let octez_jobs ?(test = false) release_tag_pipeline_type = in let job_build_dpkg_amd64 = job_build_dpkg_amd64 () in let job_build_rpm_amd64 = job_build_rpm_amd64 () in - let job_apt_repo_ubuntu_jammy = + let job_apt_repo_ubuntu = job_apt_repo ~__POS__ - ~name:"apt_repo_ubuntu_jammy" - ~dependencies:(Dependent [Artifacts job_build_dpkg_amd64]) - ~image:Images.ubuntu_jammy - ["./scripts/ci/create_debian_repo.sh ubuntu jammy"] - in - let job_apt_repo_ubuntu_focal = - job_apt_repo - ~__POS__ - ~name:"apt_repo_ubuntu_focal" + ~name:"apt_repo_ubuntu" ~dependencies:(Dependent [Artifacts job_build_dpkg_amd64]) ~image:Images.ubuntu_focal - ["./scripts/ci/create_debian_repo.sh ubuntu focal"] + ["./scripts/ci/create_debian_repo.sh ubuntu focal jammy"] in - let job_apt_repo_debian_bookworm = + let job_apt_repo_debian = job_apt_repo ~__POS__ - ~name:"apt_repo_debian_bookworm" + ~name:"apt_repo_debian" ~dependencies:(Dependent [Artifacts job_build_dpkg_amd64]) ~image:Images.debian_bookworm ["./scripts/ci/create_debian_repo.sh debian bookworm"] @@ -182,9 +174,8 @@ let octez_jobs ?(test = false) release_tag_pipeline_type = | false, Release_tag -> [job_opam_release] | true, Release_tag -> [ - job_apt_repo_debian_bookworm; - job_apt_repo_ubuntu_focal; - job_apt_repo_ubuntu_jammy; + job_apt_repo_debian; + job_apt_repo_ubuntu; (* This job normally runs in the {!Octez_latest_release} pipeline that is triggered manually after a release is made. However, to make release testing easier, we include it here directly. Thus, -- GitLab From db9f35526c30523bc4b6aaf8ec978f8d598300dd Mon Sep 17 00:00:00 2001 From: Pietro Abate Date: Tue, 11 Jun 2024 16:00:34 +0200 Subject: [PATCH 6/8] CIAO: Remove duplicated job job_apt_repo --- .../ci/pipelines/octez_release_tag_test.yml | 5 ++-- ci/bin/release_tag.ml | 26 ++----------------- 2 files changed, 5 insertions(+), 26 deletions(-) diff --git a/.gitlab/ci/pipelines/octez_release_tag_test.yml b/.gitlab/ci/pipelines/octez_release_tag_test.yml index be139e16801a..4360d0fd9b42 100644 --- a/.gitlab/ci/pipelines/octez_release_tag_test.yml +++ b/.gitlab/ci/pipelines/octez_release_tag_test.yml @@ -4,6 +4,7 @@ stages: - images - build +- packaging - prepare_release - publish_release_gitlab - publish_release @@ -284,7 +285,7 @@ gitlab:release: apt_repo_debian: image: debian:bookworm - stage: prepare_release + stage: packaging tags: - gcp needs: @@ -302,7 +303,7 @@ apt_repo_debian: apt_repo_ubuntu: image: public.ecr.aws/lts/ubuntu:20.04_stable - stage: prepare_release + stage: packaging tags: - gcp needs: diff --git a/ci/bin/release_tag.ml b/ci/bin/release_tag.ml index cfb15fe86592..6c9e0a45944b 100644 --- a/ci/bin/release_tag.ml +++ b/ci/bin/release_tag.ml @@ -40,28 +40,6 @@ type release_tag_pipeline_type = | Beta_release_tag | Non_release_tag -(* Push .deb artifacts to storagecloud apt repository. *) -let job_apt_repo ?rules ~__POS__ ~name ?(stage = Stages.prepare_release) - ?dependencies ?(archs = [Amd64]) ~image script : tezos_job = - let variables = - [ - ( "ARCHITECTURES", - String.concat " " (List.map Tezos_ci.arch_to_string_alt archs) ); - ("GNUPGHOME", "$CI_PROJECT_DIR/.gnupg"); - ] - in - job - ?rules - ?dependencies - ~__POS__ - ~stage - ~name - ~image - ~before_script: - (before_script ~source_version:true ["./scripts/ci/prepare-apt-repo.sh"]) - ~variables - script - (** Create an Octez release tag pipeline of type {!release_tag_pipeline_type}. If [test] is true (default is [false]), then the Docker images are @@ -113,7 +91,7 @@ let octez_jobs ?(test = false) release_tag_pipeline_type = let job_build_dpkg_amd64 = job_build_dpkg_amd64 () in let job_build_rpm_amd64 = job_build_rpm_amd64 () in let job_apt_repo_ubuntu = - job_apt_repo + Debian_repository.job_apt_repo ~__POS__ ~name:"apt_repo_ubuntu" ~dependencies:(Dependent [Artifacts job_build_dpkg_amd64]) @@ -121,7 +99,7 @@ let octez_jobs ?(test = false) release_tag_pipeline_type = ["./scripts/ci/create_debian_repo.sh ubuntu focal jammy"] in let job_apt_repo_debian = - job_apt_repo + Debian_repository.job_apt_repo ~__POS__ ~name:"apt_repo_debian" ~dependencies:(Dependent [Artifacts job_build_dpkg_amd64]) -- GitLab From 5945a27707b84f32c1906bd1b7d04f33be40445d Mon Sep 17 00:00:00 2001 From: Pietro Abate Date: Wed, 12 Jun 2024 10:52:45 +0200 Subject: [PATCH 7/8] CIAO: re-arrange stages for packages child pipeline --- .gitlab/ci/pipelines/debian_repository.yml | 26 ++++++++++--------- .../ci/pipelines/octez_release_tag_test.yml | 6 ++--- ci/bin/common.ml | 4 +++ ci/bin/debian_repository.ml | 10 +++---- 4 files changed, 26 insertions(+), 20 deletions(-) diff --git a/.gitlab/ci/pipelines/debian_repository.yml b/.gitlab/ci/pipelines/debian_repository.yml index e673258c0b72..76ad0f8fba28 100644 --- a/.gitlab/ci/pipelines/debian_repository.yml +++ b/.gitlab/ci/pipelines/debian_repository.yml @@ -7,12 +7,14 @@ workflow: when: always stages: +- images - build -- packaging +- publishing +- publishing_tests oc.docker-build-debian-dependencies: image: ${GCP_REGISTRY}/tezos/docker-images/ci-docker:v1.12.0 - stage: build + stage: images tags: - $TAGS dependencies: [] @@ -37,7 +39,7 @@ oc.docker-build-debian-dependencies: oc.docker-build-ubuntu-dependencies: image: ${GCP_REGISTRY}/tezos/docker-images/ci-docker:v1.12.0 - stage: build + stage: images tags: - $TAGS dependencies: [] @@ -62,7 +64,7 @@ oc.docker-build-ubuntu-dependencies: oc.build-debian: image: $DEP_IMAGE:${CI_COMMIT_REF_SLUG} - stage: packaging + stage: build tags: - $TAGS dependencies: [] @@ -86,7 +88,7 @@ oc.build-debian: oc.build-ubuntu: image: $DEP_IMAGE:${CI_COMMIT_REF_SLUG} - stage: packaging + stage: build tags: - $TAGS dependencies: [] @@ -110,7 +112,7 @@ oc.build-ubuntu: oc.build-debian-current: image: $DEP_IMAGE:${CI_COMMIT_REF_SLUG} - stage: packaging + stage: build tags: - $TAGS dependencies: [] @@ -134,7 +136,7 @@ oc.build-debian-current: oc.build-ubuntu-current: image: $DEP_IMAGE:${CI_COMMIT_REF_SLUG} - stage: packaging + stage: build tags: - $TAGS dependencies: [] @@ -158,7 +160,7 @@ oc.build-ubuntu-current: apt_repo_debian_current: image: debian:bookworm - stage: packaging + stage: publishing tags: - gcp needs: @@ -176,7 +178,7 @@ apt_repo_debian_current: apt_repo_ubuntu_current: image: public.ecr.aws/lts/ubuntu:20.04_stable - stage: packaging + stage: publishing tags: - gcp needs: @@ -194,7 +196,7 @@ apt_repo_ubuntu_current: oc.install_bin_ubuntu_focal: image: public.ecr.aws/lts/ubuntu:20.04_stable - stage: packaging + stage: publishing_tests tags: - gcp needs: @@ -205,7 +207,7 @@ oc.install_bin_ubuntu_focal: oc.install_bin_ubuntu_jammy: image: public.ecr.aws/lts/ubuntu:22.04_stable - stage: packaging + stage: publishing_tests tags: - gcp needs: @@ -216,7 +218,7 @@ oc.install_bin_ubuntu_jammy: oc.install_bin_debian_bookworm: image: debian:bookworm - stage: packaging + stage: publishing_tests tags: - gcp needs: diff --git a/.gitlab/ci/pipelines/octez_release_tag_test.yml b/.gitlab/ci/pipelines/octez_release_tag_test.yml index 4360d0fd9b42..26254bb74d71 100644 --- a/.gitlab/ci/pipelines/octez_release_tag_test.yml +++ b/.gitlab/ci/pipelines/octez_release_tag_test.yml @@ -4,7 +4,7 @@ stages: - images - build -- packaging +- publishing - prepare_release - publish_release_gitlab - publish_release @@ -285,7 +285,7 @@ gitlab:release: apt_repo_debian: image: debian:bookworm - stage: packaging + stage: publishing tags: - gcp needs: @@ -303,7 +303,7 @@ apt_repo_debian: apt_repo_ubuntu: image: public.ecr.aws/lts/ubuntu:20.04_stable - stage: packaging + stage: publishing tags: - gcp needs: diff --git a/ci/bin/common.ml b/ci/bin/common.ml index daff903745c4..3e06c79a4308 100644 --- a/ci/bin/common.ml +++ b/ci/bin/common.ml @@ -47,6 +47,10 @@ module Stages = struct let packaging = Stage.register "packaging" + let publishing = Stage.register "publishing" + + let publishing_tests = Stage.register "publishing_tests" + let doc = Stage.register "doc" let prepare_release = Stage.register "prepare_release" diff --git a/ci/bin/debian_repository.ml b/ci/bin/debian_repository.ml index 102de6d979ef..0d7cdeb71242 100644 --- a/ci/bin/debian_repository.ml +++ b/ci/bin/debian_repository.ml @@ -34,8 +34,8 @@ let ubuntu_package_release_matrix = [[("RELEASE", ["focal"; "jammy"]); ("TAGS", ["gcp"; "gcp_arm64"])]] (* Push .deb artifacts to storagecloud apt repository. *) -let job_apt_repo ?rules ~__POS__ ~name ?(stage = Stages.packaging) ?dependencies - ?(archs = [Amd64]) ~image script : tezos_job = +let job_apt_repo ?rules ~__POS__ ~name ?(stage = Stages.publishing) + ?dependencies ?(archs = [Amd64]) ~image script : tezos_job = let variables = [ ( "ARCHITECTURES", @@ -65,7 +65,7 @@ let jobs = job_docker_authenticated ~__POS__ ~name - ~stage:Stages.build + ~stage:Stages.images ~variables:(variables [("DISTRIBUTION", distribution)]) ~parallel:(Matrix matrix) ~tag:Dynamic @@ -91,7 +91,7 @@ let jobs = ~__POS__ ~name ~image:build_debian_packages_image - ~stage:Stages.packaging + ~stage:Stages.build ~variables:(variables [("DISTRIBUTION", distribution)]) ~parallel:(Matrix matrix) ~tag:Dynamic @@ -181,7 +181,7 @@ let jobs = ~name ~image ~dependencies - ~stage:Stages.packaging + ~stage:Stages.publishing_tests script in [ -- GitLab From fe229ac6fc949031096daec41cc07b74ebc95fb0 Mon Sep 17 00:00:00 2001 From: Pietro Abate Date: Wed, 19 Jun 2024 09:56:46 +0200 Subject: [PATCH 8/8] scripts: fix installation tests in docs --- docs/introduction/install-bin-deb.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/introduction/install-bin-deb.sh b/docs/introduction/install-bin-deb.sh index 7eb0176ef51f..e8eabb27aa73 100755 --- a/docs/introduction/install-bin-deb.sh +++ b/docs/introduction/install-bin-deb.sh @@ -13,6 +13,7 @@ fi # If it's a protected branch the value of $bucket will # be set accordingly but the CI. bucket="$GCP_LINUX_PACKAGES_BUCKET" +protocol=$(head -1 script-inputs/active_protocol_versions_without_number) # This logic must be kept in sync with the script in # ./scripts/ci/create_debian_repo.sh @@ -70,5 +71,5 @@ sudo apt-get install -y octez-baker # [test executables] octez-client --version octez-node --version -octez-baker-Proxford --version -octez-accuser-Proxford --version +"octez-baker-$protocol" --version +"octez-accuser-$protocol" --version -- GitLab