mirror of
https://github.com/ironfox-oss/IronFox.git
synced 2025-12-23 22:30:03 -05:00
279 lines
7.4 KiB
YAML
279 lines
7.4 KiB
YAML
.build_setup_steps: &build_setup_steps
|
|
before_script:
|
|
- mkdir -p "$GRADLE_USER_HOME"
|
|
- mkdir -p "$CARGO_HOME"
|
|
- mkdir -p /opt/IronFox
|
|
- echo "$SB_GAPI_KEY" > "$SB_GAPI_KEY_FILE"
|
|
- |
|
|
curl \
|
|
--request GET \
|
|
--header "JOB-TOKEN: $CI_JOB_TOKEN" \
|
|
"${CI_API_V4_URL}/projects/$CI_PROJECT_ID/secure_files/$KEYSTORE_SECFILEID/download" \
|
|
--output "$KEYSTORE"
|
|
|
|
.build_cache: &build_cache
|
|
- key: cache-cargo-$CI_COMMIT_REF_SLUG
|
|
policy: pull-push
|
|
paths:
|
|
# Cargo cache
|
|
# See: https://doc.rust-lang.org/cargo/guide/cargo-home.html#caching-the-cargo-home-in-ci
|
|
- .cache/cargo/.crates.toml
|
|
- .cache/cargo/.crates2.json
|
|
- .cache/cargo/bin/
|
|
- .cache/cargo/registry/index/
|
|
- .cache/cargo/registry/cache/
|
|
- .cache/cargo/git/db/
|
|
- key: cache-gradle-$CI_COMMIT_REF_SLUG
|
|
policy: pull-push
|
|
paths:
|
|
- .cache/gradle/caches
|
|
- .cache/gradle/wrapper
|
|
|
|
default:
|
|
cache: []
|
|
|
|
variables: &build_variables
|
|
PRODUCTION_BRANCH: main
|
|
SB_GAPI_KEY_FILE: /opt/IronFox/sb-gapi.data
|
|
KEYSTORE: /opt/IronFox/signing-key.jks
|
|
GRADLE_USER_HOME: "$CI_PROJECT_DIR/.cache/gradle"
|
|
CARGO_HOME: "$CI_PROJECT_DIR/.cache/cargo"
|
|
IF_CI_NAME: "IronFox CI"
|
|
IF_CI_USERNAME: "ironfox-ci"
|
|
IF_CI_EMAIL: "ci@ironfoxoss.org"
|
|
|
|
stages:
|
|
- build_fdroid
|
|
- build_site
|
|
- build_docker
|
|
- build_ironfox
|
|
- release
|
|
|
|
update-fdroid-repo:
|
|
image: fedora:43
|
|
stage: build_fdroid
|
|
rules:
|
|
- if: $CI_PROJECT_NAMESPACE != "ironfox-oss"
|
|
when: never
|
|
- if: $CI_COMMIT_TAG
|
|
tags:
|
|
- saas-linux-2xlarge-amd64
|
|
variables:
|
|
FDROID_REPO_PATH: ironfox-oss/fdroid
|
|
FDROID_REPO_BRANCH: dev
|
|
META_REPO_BRANCH: main
|
|
META_DIR_PATH: "./fdroid/metadata"
|
|
META_FILE_NAME: "org.ironfoxoss.ironfox.yml"
|
|
REPO_DIR_PATH: "./fdroid/repo"
|
|
<<: *build_variables
|
|
before_script:
|
|
- sudo dnf install -y bash curl git git-lfs jq make python3 python3-pip
|
|
- pip install androguard
|
|
- git config --global user.email "$IF_CI_EMAIL"
|
|
- git config --global user.name "$IF_CI_NAME"
|
|
- git config --global url."https://${IF_CI_USERNAME}:${GITLAB_CI_PUSH_TOKEN}@gitlab.com/".insteadOf "https://gitlab.com/"
|
|
script:
|
|
- bash -x scripts/ci-update-fdroid.sh
|
|
|
|
update-site-repo:
|
|
image: fedora:43
|
|
stage: build_site
|
|
rules:
|
|
- if: $CI_PROJECT_NAMESPACE != "ironfox-oss"
|
|
when: never
|
|
- if: $CI_COMMIT_TAG
|
|
- if: $CI_COMMIT_BRANCH == "dev"
|
|
changes:
|
|
- scripts/a-s-patches.yaml
|
|
- scripts/glean-patches.yaml
|
|
- scripts/patches.yaml
|
|
- scripts/ci-update-site.sh
|
|
tags:
|
|
- saas-linux-2xlarge-amd64
|
|
variables:
|
|
TARGET_REPO_PATH: ironfox-oss/ironfoxoss.org
|
|
TARGET_REPO_BRANCH: dev
|
|
<<: *build_variables
|
|
before_script:
|
|
- sudo dnf install -y bash curl git make python3 python3-pip yq
|
|
- pip install pyyaml
|
|
- git config --global user.email "$IF_CI_EMAIL"
|
|
- git config --global user.name "$IF_CI_NAME"
|
|
- git config --global url."https://${IF_CI_USERNAME}:${GITLAB_CI_PUSH_TOKEN}@gitlab.com/".insteadOf "https://gitlab.com/"
|
|
script:
|
|
- bash -x scripts/ci-update-site.sh
|
|
|
|
build-docker:
|
|
image: docker:cli
|
|
stage: build_docker
|
|
services:
|
|
- docker:dind
|
|
variables:
|
|
DOCKER_IMAGE_NAME: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
|
|
before_script:
|
|
- docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
|
|
script:
|
|
- docker build --pull -t "$DOCKER_IMAGE_NAME" .
|
|
- docker push "$DOCKER_IMAGE_NAME"
|
|
- |
|
|
if [[ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]]; then
|
|
docker tag "$DOCKER_IMAGE_NAME" "$CI_REGISTRY_IMAGE:latest"
|
|
docker push "$CI_REGISTRY_IMAGE:latest"
|
|
fi
|
|
rules:
|
|
- if: $CI_PROJECT_NAMESPACE != "ironfox-oss"
|
|
when: never
|
|
- if: $CI_COMMIT_BRANCH
|
|
exists:
|
|
- Dockerfile
|
|
changes:
|
|
- Dockerfile
|
|
- .gitlab-ci.yml
|
|
- if: $CI_COMMIT_BRANCH == $PRODUCTION_BRANCH
|
|
tags:
|
|
- saas-linux-2xlarge-amd64
|
|
|
|
build-apk:
|
|
image: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
|
|
stage: build_ironfox
|
|
timeout: 2h
|
|
needs:
|
|
- job: "build-docker"
|
|
optional: true
|
|
tags:
|
|
- saas-linux-2xlarge-amd64
|
|
parallel:
|
|
matrix:
|
|
- BUILD_VARIANT: ["arm", "arm64", "x86_64"]
|
|
variables:
|
|
<<: *build_variables
|
|
<<: *build_setup_steps
|
|
script:
|
|
- mkdir -vp "$CI_PROJECT_DIR/artifacts/logs"
|
|
- BUILD_LOG_FILE="$CI_PROJECT_DIR/artifacts/logs/build-apk-$BUILD_VARIANT.log"
|
|
- echo "Building APK..." > "$BUILD_LOG_FILE" 2>&1
|
|
- bash -x scripts/ci-build.sh >> "$BUILD_LOG_FILE" 2>&1
|
|
artifacts:
|
|
untracked: false
|
|
when: always
|
|
when: always
|
|
access: all
|
|
expire_in: "30 days"
|
|
paths:
|
|
- $CI_PROJECT_DIR/artifacts/apk/**/*
|
|
- $CI_PROJECT_DIR/artifacts/aar/**/*
|
|
- $CI_PROJECT_DIR/artifacts/logs/**/*
|
|
rules:
|
|
- if: $CI_PROJECT_NAMESPACE != "ironfox-oss"
|
|
when: never
|
|
- changes:
|
|
- patches/**/*
|
|
- scripts/**/*
|
|
- Dockerfile
|
|
- .gitlab-ci.yml
|
|
- if: $CI_COMMIT_TAG
|
|
when: never
|
|
|
|
build-bundle:
|
|
image: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
|
|
stage: build_ironfox
|
|
timeout: 2h
|
|
needs:
|
|
- job: "build-docker"
|
|
optional: true
|
|
- job: "build-apk"
|
|
artifacts: true
|
|
optional: false
|
|
tags:
|
|
- saas-linux-2xlarge-amd64
|
|
variables:
|
|
BUILD_VARIANT: "bundle"
|
|
<<: *build_variables
|
|
<<: *build_setup_steps
|
|
script:
|
|
- mkdir -vp "$CI_PROJECT_DIR/artifacts/logs"
|
|
- BUILD_LOG_FILE="$CI_PROJECT_DIR/artifacts/logs/build-bundle.log"
|
|
- echo "Building Bundle..." > "$BUILD_LOG_FILE" 2>&1
|
|
- bash -x scripts/ci-build.sh >> "$BUILD_LOG_FILE" 2>&1
|
|
artifacts:
|
|
untracked: false
|
|
when: always
|
|
when: always
|
|
access: all
|
|
expire_in: "30 days"
|
|
paths:
|
|
- $CI_PROJECT_DIR/artifacts/apks/**/*
|
|
- $CI_PROJECT_DIR/artifacts/logs/**/*
|
|
rules:
|
|
- if: $CI_PROJECT_NAMESPACE != "ironfox-oss"
|
|
when: never
|
|
- changes:
|
|
- patches/**/*
|
|
- scripts/**/*
|
|
- Dockerfile
|
|
- .gitlab-ci.yml
|
|
- if: $CI_COMMIT_TAG
|
|
when: never
|
|
|
|
prepare-release:
|
|
image: alpine:latest
|
|
stage: release
|
|
interruptible: true
|
|
needs:
|
|
- job: "build-docker"
|
|
optional: true
|
|
- job: "build-apk"
|
|
artifacts: true
|
|
optional: true
|
|
- job: "build-bundle"
|
|
artifacts: true
|
|
optional: true
|
|
rules:
|
|
- if: $CI_COMMIT_TAG
|
|
when: never
|
|
- if: $CI_COMMIT_BRANCH == $PRODUCTION_BRANCH && $CI_COMMIT_MESSAGE =~ /\[skip-release\]/
|
|
when: never
|
|
- if: $CI_COMMIT_BRANCH == $PRODUCTION_BRANCH
|
|
tags:
|
|
- saas-linux-2xlarge-amd64
|
|
variables:
|
|
<<: *build_variables
|
|
before_script:
|
|
- apk add --update --no-cache bash curl jq
|
|
script:
|
|
- bash -x scripts/ci-publish-packages.sh
|
|
artifacts:
|
|
untracked: false
|
|
when: on_success
|
|
access: all
|
|
expire_in: "30 days"
|
|
paths:
|
|
- build/release.yml
|
|
|
|
publish-release:
|
|
image: registry.gitlab.com/gitlab-org/release-cli:latest
|
|
stage: release
|
|
interruptible: true
|
|
needs:
|
|
- job: "prepare-release"
|
|
artifacts: true
|
|
optional: false
|
|
rules:
|
|
- if: $CI_COMMIT_TAG
|
|
when: never
|
|
- if: $CI_COMMIT_BRANCH == $PRODUCTION_BRANCH && $CI_COMMIT_MESSAGE =~ /\[skip-release\]/
|
|
when: never
|
|
- if: $CI_COMMIT_BRANCH == $PRODUCTION_BRANCH
|
|
tags:
|
|
- saas-linux-2xlarge-amd64
|
|
variables:
|
|
<<: *build_variables
|
|
script:
|
|
- |
|
|
release-cli \
|
|
--server-url "$CI_SERVER_URL" \
|
|
--project-id "$CI_PROJECT_ID" \
|
|
--private-token "$GITLAB_CI_API_TOKEN" \
|
|
create-from-file \
|
|
--file build/release.yml
|