forked from cryptoadvance/specter-desktop
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path.gitlab-ci.yml
284 lines (260 loc) · 10.4 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
# this image contains python, bitcoind and docker
# check docker/python-bitcoind on how it's built
image: registry.gitlab.com/cryptoadvance/specter-desktop/python-bitcoind:v22.0
variables:
# Cache documentation: https://docs.gitlab.com/ee/ci/caching/
PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip"
cache:
# enable per-job and per-branch caching
- key:
files:
- ./requirements.txt
prefix: "$CI_JOB_NAME"
paths:
- .cache/pip
- .env
stages:
- testing
- releasing
- post_releasing
before_script:
- docker info || echo "no docker-command found" # Print out docker version for debugging
- echo CI_PROJECT_NAMESPACE = $CI_PROJECT_NAMESPACE
- echo CI_PROJECT_ROOT_NAMESPACE = $CI_PROJECT_ROOT_NAMESPACE
- python -V # Print out python version for debugging
- apt update
- apt install -y libusb-1.0-0-dev libudev-dev # usb-support in hidapi
# This doesn't get cached in gitlab but we don't need it anyway for now:
# - ./tests/install_noded.sh --debug --elements compile
- pip3 install --upgrade virtualenv
- virtualenv --python=python3 .env
- source .env/bin/activate
check:
stage: testing
# We simply check here whether all the tests on github are completed and green
script:
- ./utils/release.sh wait_on_master || exit 1 # that command will have a non-0 exit-value if not everything is green
# jobs with a preceding . like .test are hidden jobs and are not executed. I leave them in here as
# we might want to reactivate them in the case that github explodes or something.
# So effectively, gitlab is currently only used for releasing.
.test:
stage: testing
# We assume here that people who want to get code into the master-branch are
# relying on PRs and people who are working on gitlab-forks are working
# on CI which probably want fast feedback on the releasing-jobs
# and therefore skip the test-job
# tem deactivated as it did not work as expected
#only:
# - $CI_PROJECT_ROOT_NAMESPACE =~ "cryptoadvance"
script:
- pip3 install -r requirements.txt
- pip3 install -e .
- pip3 install -e ".[test]"
- python3 setup.py install # compiles babel stuff as well (might make pip install obsolete)
- py.test --cov-report term --cov cryptoadvance
.test-cypress:
image: registry.gitlab.com/cryptoadvance/specter-desktop/cypress-python-jammy:v9.7.0
stage: testing
script:
# start the server in the background
- pip3 install -e .
- pip3 install -e ".[test]"
- python3 setup.py install # compiles babel stuff as well (might make pip install obsolete)
- npm i
- ./utils/test-cypress.sh --docker --debug run
- docker ps || echo "probably no docker available anyway"
artifacts:
when: always
paths:
- cypress/videos/**/*.mp4
- cypress/screenshots/**/*.png
expire_in: 1 day
release_pip:
stage: releasing
only:
- tags
script:
- pip3 install -e .
- pip3 install -e ".[test]"
- pip3 install .
- pip3 install build==0.10.0 twine
- python3 -m build
- ls -l dist
# twine reads the password from the env-var TWINE_PASSWORD
# Either testing it or doing the real thing depending on which gitlab-project we're running:
- if ! [[ ${CI_PROJECT_ROOT_NAMESPACE} = "cryptoadvance" ]]; then python3 -m twine upload --verbose --user __token__ dist/* --repository-url https://test.pypi.org/legacy/ ; fi
- if [[ ${CI_PROJECT_ROOT_NAMESPACE} = "cryptoadvance" ]]; then python3 -m twine upload --verbose --user __token__ dist/* ; fi
- cd dist
- sha256sum cryptoadvance.specter-*.tar.gz > SHA256SUMS-pip
- ../utils/artifact_signer.sh sign --artifact ./SHA256SUMS-pip
- cd ..
- cat ./dist/SHA256SUMS-pip
#- python ./utils/github.py upload ./dist/SHA256SUMS-pip
#- python ./utils/github.py upload ./dist/SHA256SUMS-pip.asc
- python ./utils/github.py upload ./dist/cryptoadvance.specter-*.tar.gz
artifacts:
when: always
paths:
- dist/*
expire_in: 1 day
release_binary_windows:
stage: releasing
only:
- tags
tags:
- windows
before_script:
- whoami
- python -V
- pip3 --version
- pip install virtualenv
- virtualenv --python=python3 .env
- .\.env\Scripts\activate
- pip3 install -e ".[test]"
script:
# This script won't execute if the script before that fails
# No need to check the version-scheme again
- echo "Releasing for ${CI_PROJECT_ROOT_NAMESPACE}"
- .\pyinstaller\build-win-ci.bat $CI_COMMIT_TAG
- python ./utils/github.py upload ./pyinstaller/release/specterd-$CI_COMMIT_TAG-win64.zip
- cd ./pyinstaller/release
- python ..\..\utils\release-helper.py sha256sums specterd-$CI_COMMIT_TAG-win64.zip > SHA256SUMS-windows
- type SHA256SUMS-windows
- echo $GPG_PASSPHRASE | c:\Program` Files` `(x86`)\GnuPg\bin\gpg --detach-sign --armor --no-tty --batch --yes --passphrase-fd 0 --pinentry-mode loopback SHA256SUMS-windows
artifacts:
when: always
paths:
- pyinstaller/release/*
expire_in: 1 day
cache:
key:
files:
- ./pyinstaller/electron/package-lock.json
prefix: $CI_JOB_NAME
paths:
- ./pyinstaller/electron/node_modules
release_electron_linux_windows:
image: registry.gitlab.com/cryptoadvance/specter-desktop/electron-builder:latest
stage: releasing
only:
- tags
needs:
- release_binary_windows
before_script:
- python3 -V # Print out python version for debugging
- apt update
- apt install -y unzip libusb-1.0-0-dev libudev-dev # usb-support in hidapi
- pip3 install virtualenv
# Only difference to default befor_script: (ToDo fix this)
- python3 -m virtualenv --python=python3 .env
- source .env/bin/activate
- pip3 install -e ".[test]"
script:
- echo "Releasing for ${CI_PROJECT_ROOT_NAMESPACE}"
- export CI_PROJECT_ROOT_NAMESPACE # needed in the build-script to download the right windows-binary
- ./utils/build-unix.sh --version $CI_COMMIT_TAG make-hash specterd electron-linux electron-win
- ls -l release
- cd release
- sha256sum specterd-${CI_COMMIT_TAG}-x86_64-linux-gnu.zip specter_desktop-${CI_COMMIT_TAG}-x86_64-linux-gnu.tar.gz > ./SHA256SUMS-linux
- cat ./SHA256SUMS-linux
- sha256sum Specter-Setup-${CI_COMMIT_TAG}.exe > ./SHA256SUMS-win
- cat ./SHA256SUMS-win
- cd ..
- ./utils/artifact_signer.sh sign --artifact ./release/SHA256SUMS-win
- ./utils/artifact_signer.sh sign --artifact ./release/SHA256SUMS-linux
- python3 ./utils/github.py upload ./release/Specter-Setup-${CI_COMMIT_TAG}.exe
- python3 ./utils/github.py upload ./release/specterd-${CI_COMMIT_TAG}-x86_64-linux-gnu.zip
- python3 ./utils/github.py upload ./release/specter_desktop-${CI_COMMIT_TAG}-x86_64-linux-gnu.tar.gz
#- python3 ../utils/github.py upload ./release/SHA256SUMS-linux
#- python3 ../utils/github.py upload ./release/SHA256SUMS-linux.asc
#- python3 ../utils/github.py upload ./release/SHA256SUMS-win
#- python3 ../utils/github.py upload ./release/SHA256SUMS-win.asc
cache:
key:
files:
- ./pyinstaller/electron/package-lock.json
prefix: $CI_JOB_NAME
paths:
- ./pyinstaller/electron/node_modules
artifacts:
when: always
paths:
- release/Specter-Setup-${CI_COMMIT_TAG}.exe
- release/specterd-${CI_COMMIT_TAG}-x86_64-linux-gnu.zip
- release/specter_desktop-${CI_COMMIT_TAG}-x86_64-linux-gnu.tar.gz
- release/SHA256SUMS-linux
- release/SHA256SUMS-linux.asc
- release/SHA256SUMS-win
- release/SHA256SUMS-win.asc
expire_in: 1 day
release_signatures:
stage: post_releasing
only:
- tags
before_script:
- python -V # Print out python version for debugging
- pip3 install --upgrade virtualenv
- virtualenv --python=python3 .env
- source .env/bin/activate
- pip3 install -e ".[test]"
- ./utils/artifact_signer.sh init # prepare .gnupg
script:
- python3 -m utils.release-helper download # downloads the job-artifacts from gitlab
- python3 -m utils.release-helper downloadgithub # downloads additional artifacts from github (if not there and is they have SHA256SUMS-something)
- python3 -m utils.release-helper checksigs # checks the signatures of all SHA256SUMM*.asc files
- python3 -m utils.release-helper checkhashes # checks all SHA256SUM* files (might modify files on the fly due to windows line endings)
- python3 -m utils.release-helper create # creates a SHA256SUM
- ./utils/artifact_signer.sh sign --artifact ./signing_dir/SHA256SUMS # Signs the SHA256SUM
- python3 -m utils.release-helper upload_shasums # uploads SHA256SUMS to github
- python3 -m utils.release-helper upload_shasumssig # uploads SHA256SUMS.asc to github
release_docker:
stage: post_releasing
only:
- tags
before_script:
- echo "Triggering Docker Release"
script:
- ./utils/trigger_docker_build.sh
# Tagging the current master-branch of https://github.com/cryptoadvance/specterext-dummy
# with the same CI_COMMIT_TAG
tag_specterext_dummy_repo:
stage: post_releasing
only:
- tags
before_script:
## Install ssh-agent if not already installed, it is required by Docker.
## (change apt-get to yum if you use an RPM-based image)
##
- 'which ssh-agent || ( apk update && apk add --no-cache bash git openssh )'
- docker info
##
## Run ssh-agent (inside the build environment)
##
- eval $(ssh-agent -s)
##
## Add the SSH key stored in SSH_PRIVATE_KEY variable to the agent store
## We're using tr to fix line endings which makes ed25519 keys work
## without extra base64 encoding.
## https://gitlab.com/gitlab-examples/ssh-private-key/issues/1#note_48526556
##
- echo "$SSH_SPECTEREXT_DEPLOY_KEY" | tr -d '\r' | ssh-add - > /dev/null
##
## Create the SSH directory and give it the right permissions
##
- mkdir -p ~/.ssh
- chmod 700 ~/.ssh
##
## Optionally, if you will be using any Git commands, set the user name and
## and email.
##
- git config --global user.email "specter@secretvalues"
- git config --global user.name "specter"
##
## Assuming you created the SSH_KNOWN_HOSTS variable, uncomment the
## following two lines.
##
- echo "$KNOWN_HOSTS" > ~/.ssh/known_hosts
- chmod 644 ~/.ssh/known_hosts
script:
- echo "Now tagging ... [email protected]:${CI_PROJECT_ROOT_NAMESPACE}/specterext-dummy.git"
- ./utils/tag_specterext_dummy.sh