debug apkg-deploy.sh script

.gitlab-ci.yml

@@ -95,4 +95,5 @@ deploy:
   stage: deploy
   needs: ["build","rebuild:packages"]
   script:
-    - apkg-deploy.sh
+    - chmod +x ./apkg-deploy.sh
+    - ./apkg-deploy.sh

apkg-deploy.sh

+#!/usr/bin/bash
+# Copyright (c) 2015-2023 Eric Vidal <eric@obarun.org>
+# All rights reserved.
+#
+# This file is part of Obarun. It is subject to the license terms in
+# the LICENSE file found in the top-level directory of this
+# distribution.
+# This file may not be copied, modified, propagated, or distributed
+# except according to the terms contained in the LICENSE file.
+
+
+export PROG="${0##*/}"
+export CLOCK_ENABLED=0
+export COLOR_ENABLED=1
+export VERBOSITY=1
+export ODB_WORKDIR="${CI_PROJECT_DIR}/packages"
+
+die() {
+    oblog -f "${@}"
+    exit 111
+}
+
+clean_up() {
+    local wstat=${1:-$?}
+
+    # unhook all traps to avoid race conditions
+    trap '' EXIT TERM HUP QUIT INT ERR
+
+    oblog "Release lock of repository ${repo}"
+    odb -r "${repo}" unlock
+
+    exit $wstat
+}
+
+pacman_search() {
+
+    local repo="${1}" package="${2}" tag="${3}"
+
+    if ! pacman -Sl "${repo}" --config "${CI_PROJECT_DIR}"/pacman.conf | grep "${package} ${tag}"; then
+        return 1
+    else
+        return 0
+    fi
+}
+
+pacman_create_config() {
+    oblog "create temporary pacman configuration file"
+    echo "
+[options]
+Architecture = auto
+Color
+ParallelDownloads = 5
+
+SigLevel    = Required DatabaseOptional
+LocalFileSigLevel = Optional
+
+[obcore-testing]
+SigLevel = Required
+Server = https://cloud.server.obarun.org/\$repo/os/\$arch/
+
+[obcore]
+SigLevel = Required
+Server = https://cloud.server.obarun.org/\$repo/os/\$arch/
+
+[obextra-testing]
+SigLevel = Required
+Server = https://cloud.server.obarun.org/\$repo/os/\$arch/
+
+[obextra]
+SigLevel = Required
+Server = https://cloud.server.obarun.org/\$repo/os/\$arch/
+
+[core-testing]
+SigLevel = DatabaseOptional
+Include = /etc/pacman.d/mirrorlist
+
+[core]
+SigLevel = DatabaseOptional
+Include = /etc/pacman.d/mirrorlist
+
+[extra-testing]
+SigLevel = DatabaseOptional
+Include = /etc/pacman.d/mirrorlist
+
+[extra]
+SigLevel = DatabaseOptional
+Include = /etc/pacman.d/mirrorlist
+" > "${CI_PROJECT_DIR}"/pacman.conf
+}
+
+gpg_fingerprint=$(echo "${GPG_SIGN_KEY_FINGERPRINT}" | base64 -d | tr -d '\r')
+
+repo="${CI_PROJECT_NAMESPACE##*/}"
+arch_repo="${repo/ob/}"
+tag=$(git describe --tags --abbrev=0)
+
+pacman_create_config
+
+oblog "Synchronizing db"
+pacman -Syy --config "${CI_PROJECT_DIR}"/pacman.conf
+
+if pacman_search "${arch_repo}-testing" "${CI_PROJECT_NAME}" "${tag}"; then
+    repo="${repo}-testing"
+fi
+
+cd "${CI_PROJECT_DIR}"
+
+oblog "Create directory ${CI_PROJECT_DIR}/packages/db"
+mkdir -p packages/db || die "unable to create ${CI_PROJECT_DIR}/packages/db directory"
+
+oblog "Move compressed packages to packages directory"
+mv *.pkg.tar.xz packages
+
+trap 'clean_up' EXIT
+
+apkg-lock.sh "${repo}" || die "unable to lock the repository"
+
+oblog "Download db files from ${repo}"
+odb -r "${repo}" -d download || die "unable to download db files"
+
+packages=( $(find packages -maxdepth 1 -type f) )
+db="${repo}.db.tar.gz"
+
+oblog "Import gpg key"
+echo "${GPG_SIGN_KEY}" | base64 -d | gpg --import || die "unable to import gpg key"
+
+oblog "add gpg to pacman keyring"
+echo "${GPG_SIGN_KEY_PUBLIC}" | base64 -d > public.key
+pacman-key --init || die "unable to init pacman db"
+pacman-key --add public.key  || die "unable to add gpg key to pacman keyring"
+pacman-key --lsign-key "${gpg_fingerprint}"
+
+oblog "Sign package(s) and add it to db"
+for package in "${packages[@]}"; do
+    gpg --detach-sign --no-armor packages/"${package##*/}"
+    repo-add packages/db/"${db}" packages/"${package##*/}" --sign --key "${gpg_fingerprint}" || die "unable to add package to db"
+done
+
+oblog "Destroy gpg configuration"
+rm -f public.key
+rm -rf /root/.gnupg
+
+oblog "Upload packages to ${repo}"
+odb -r "${repo}" upload || die "unable to upload packages"
+
+oblog "Upload db to ${repo}"
+odb -r "${repo}" -d upload || die "unable to upload db"
+
+oblog "Archive old packages"
+odb -r "${repo}" archive || die "unable to archive packages"
+
+clean_up 0