blob: c45f54c62ccf1c2509d36e704ce075d9048b23cc (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
|
projects:
- project: ick_systree
pipelines:
- build_debian_systree
parameters:
debian_codename: stretch
packages:
- git
- jq
- python3-all
- python3-bottle
- python-cliapp
- python3-cliapp
- python3-coverage-test-runner
- python3-apifw
- python3-slog
- python3-cryptography
- python3-requests
- python-requests
- pycodestyle
- pylint3
- gunicorn3
- python3-yaml
- cmdtest
- copyright-statement-lint
- debhelper
- devscripts
- ansible
artifact_name: ick_systree
notify: [liw@liw.fi]
- project: ick2
parameters:
git_url: git://git.liw.fi/ick2
git_ref: master
git_dir: src
upload_target: stretch-ci
package_prefix: ""
systree_name: ick_systree
artifact_name: ick2-workspace
notify: [liw@liw.fi]
pipelines:
- prepare_container
- prepare_workspace
- build_deb_ci
- upload_deb
- persist_workspace
- copy_ssh_key
- get_ick_playbook
# - deploy_ick
pipelines:
# Build a Debian systree. This is mostly just the debootstrap
# action, but with some juggling to configure APT.
- pipeline: build_debian_systree
parameters:
- debian_codename
- packages
- artifact_name
actions:
- debootstrap: auto
mirror: http://deb.debian.org/debian
where: host
- shell: |
env
dpkg -l '*gnupg*'
dpkg -S bin/gpg
apt-key export code.liw.fi > code.liw.fi.asc
# This is needed for ca-certificates-java
sudo mount --bind /proc proc
where: host
- shell: |
apt-get install -y gnupg
env
dpkg -l '*gnupg*'
dpkg -S bin/gpg
apt-key add code.liw.fi.asc
cat <<EOF > /etc/apt/sources.list.d/code.liw.fi.list
deb http://code.liw.fi/debian unstable main
EOF
apt-get update
where: chroot
- shell: |
apt-get install -y python3
where: chroot
- python: |
import os, subprocess
def runcmd(argv, **kwargs):
subprocess.check_call(argv, **kwargs)
runcmd(['apt-get', 'install', '-y'] + params['packages'])
where: chroot
- shell: |
sudo umount proc
where: host
- archive: workspace
where: host
# Prepare container for building: get systree from artifact store,
# copy .ssh from host into workspace, and configure ssh client and
# dput. Also install missing tools.
- pipeline: prepare_container
actions:
- action: populate_systree
where: host
# Prepare workspace for building: retrieve source code from git. The
# source goes into the "src" subdirectory, mostly because Debian
# package building likes to put things into the parent directory of
# where the build happens.
- pipeline: prepare_workspace
parameters:
- git_url
- git_ref
- git_dir
actions:
- action: git
where: host
- shell: |
dir="$(params | jq -r .git_dir)"
ref="$(params | jq -r .git_ref)"
cd "$dir"
git checkout "$ref"
git merge "origin/$ref"
where: container
# Build Debian packages. This is a CI build, which means a new
# debian/changelog entry is created, with a version number that
# contains the build number. This way every build results in a new
# package version.
- pipeline: build_deb_ci
parameters:
- git_url
- git_branch
- upload_target
- package_prefix
actions:
- shell: |
# Remove remnants of Debian packages from previous builds.
rm -f *_*
missing() {
dpkg-checkbuilddeps 2>&1 |
sed 's/^.*Unmet build dependencies: //' |
tr ' ' '\n' |
grep -v '[()]'
}
for deb in $(cd src && missing)
do
apt-get install -y "$deb"
done
T="$(params | jq -r .upload_target)"
PREFIX="$(params | jq -r .package_prefix)"
cd src
case "$PREFIX" in
?*)
sed -i "/^Source: */s//&${PREFIX}/" debian/control
sed -i "/^Package: */s//&${PREFIX}/" debian/control
;;
esac
cat debian/control
S="$(dpkg-parsechangelog -S Source)"
U="$(dpkg-parsechangelog -S Version | sed 's/-.*$//')"
D="$(dpkg-parsechangelog -S Version | sed 's/^.*-//')"
U2="${U}.0ci${BUILD_NUMBER}-1"
dch -v "${U2}-1" --package "${PREFIX}${S}" -D "$T" \
--force-distribution "CI build"
dch -r ''
git archive HEAD | xz > ../"${PREFIX}${S}_${U2}.orig.tar.xz"
dpkg-buildpackage -us -uc
where: container
# Upload all built Debian packages.
- pipeline: upload_deb
actions:
- action: dput
where: host
- pipeline: persist_workspace
parameters:
- systree_name
actions:
- archive: workspace
where: host
- pipeline: copy_ssh_key
actions:
- shell: |
sudo cp -a /home/_ickwm/.ssh .
where: host
- pipeline: get_ick_playbook
actions:
- shell: |
git clone git://git.liw.fi/ick2-ansible
git clone git://git.liw.fi/debian-ansible
where: container
- pipeline: deploy_ick
actions:
- shell: |
rm -rf /root/.ssh
mv .ssh /root/.
chown -R root:root /root/.ssh
cat << EOF > /root/.ssh/config
Host *
UserKnownHostsFile /dev/null
StrictHostKeyChecking no
EOF
git clone ssh://git@git.liw.fi/private/liw/ci-prod-vars
cd ick2-ansible
export ANSIBLE_ROLES_PATH=/workspace/debian-ansible/roles
./run-cluster.sh hosts.ci-prod -e @/workspace/ci-prod-vars/ci-prod-vars.yml
cat hosts.ci-prod-workers
ssh -v root@ci-prod-workers-worker1.vm.liw.fi hostname
./run-workers.sh hosts.ci-prod-workers ci-prod-controller.vm.liw.fi -e @/workspace/ci-prod-vars/ci-prod-vars.yml
# ./run-cluster.sh hosts.demo -e @/workspace/ci-prod-vars/demo-ick-vars.yml
# ./run-workers.sh hosts.demo-workers demo-controller.vm.liw.fi -e @/workspace/ci-prod-vars/demo-ick-vars.yml
where: container
|