-
Notifications
You must be signed in to change notification settings - Fork 6
/
Copy pathrun
executable file
·147 lines (130 loc) · 4.38 KB
/
run
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
#!/bin/bash
#
# Copyright (C) 2022 Nethesis S.r.l.
# SPDX-License-Identifier: GPL-2.0-only
#
#
# Launch podman image to build nethsecurity
# As default the script mounts as volume staging and build dirs to speedup successibe builds
#
workdir=$(pwd)
image_tag=${IMAGE_TAG}
if [ -z "$image_tag" ]; then
# use latest tag for the builder
image_tag=$(git describe --tags --abbrev=0)
fi
image="ghcr.io/nethserver/nethsecurity-builder:$image_tag"
VALID_ARGS=$(getopt -o n --long no-cache -- "$@")
if [[ $? -ne 0 ]]; then
exit 1;
fi
cache=1
opts=""
eval set -- "$VALID_ARGS"
while [ : ]; do
case "$1" in
-n | --no-cache)
echo "Disable caching"
cache=0
shift
;;
--) shift;
break
;;
esac
done
# Setup output dir
# Delete existing backup, but save current output before starting the build
if [ -d bin ]; then
rm -rf bin.bak
mv bin bin.bak
fi
# Setup cache volumes
if [ $cache -ge 1 ]; then
vsuffix=""
if [ "$image_tag" == "snapshot" ]; then
vsuffix="_snapshot"
fi
opts=" -v nethsecurity-build_dir$vsuffix:/home/build/openwrt/build_dir:z -v nethsecurity-staging_dir$vsuffix:/home/build/openwrt/staging_dir:z -v nethsecurity-ccache$vsuffix:/home/build/openwrt/.ccache -v nethsecurity-download$vsuffix:/home/build/openwrt/download"
fi
# Download latest image
podman pull $image
# Remove existing container
if [ "$(podman ps -a --format '{{.Names}}')" == "nethsec-builder" ]; then
podman rm nethsec-builder
fi
# Use VERSION from the environment, need for CI
# VERSION has the following format: 8-<owrt_release>-ns.<nethsecurity_release>[-<commit_since_last_tag>-g<commit_hash>]
if [ -z "${VERSION}" ]; then
# Setup version from git if the env var is not set
# Make sure to fetch all history to generate a correct git-descrive
git fetch --prune --unshallow &> /dev/null
VERSION=$(git describe)
fi
# Force snapshot version for snapshot builds
if [ "$image_tag" == "snapshot" ]; then
VERSION="snapshot"
fi
# OWRT_VERSION is like 23.05.2
OWRT_VERSION=$(echo $VERSION | cut -d'-' -f1)
# NS_VERSION is a semver release like '1.0.0' for stable and '1.0.0-alpha1' or '1.0.0-234-g1bc543c' for dev
NS_VERSION=$(echo $VERSION | cut -d- -f2- | cut -d. -f2-)
if [[ "$NS_VERSION" =~ ^(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)(-((0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*)(\.(0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*))*))?(\+([0-9a-zA-Z-]+(\.[0-9a-zA-Z-]+)*))?$ ]]; then
MAJOR="${BASH_REMATCH[1]}"
MINOR="${BASH_REMATCH[2]:-""}"
PATCH="${BASH_REMATCH[3]:-""}"
PRE_RELEASE="${BASH_REMATCH[5]:-""}"
BUILD_METADATA="${BASH_REMATCH[10]:-""}"
fi
# Publish to dev channel for tagged unstable versions and dev builds
if [ -z "$PRE_RELEASE" ]; then
REPO_CHANNEL="stable"
else
REPO_CHANNEL="dev"
fi
# Force snapshot channel for snapshot builds
if [ "$image_tag" == "snapshot" ]; then
REPO_CHANNEL="snapshot"
fi
export REPO_CHANNEL
export OWRT_VERSION
export VERSION
# Set target architechture, default to x86_64
if [ -z "${TARGET}" ]; then
TARGET=x86_64
fi
echo "Building version $VERSION for $TARGET"
export TARGET
# Setup CI when pushing to Github.
if [[ -n "${CI}" ]]; then
# Set output value for Github Actions
echo "VERSION=$VERSION" >> "${GITHUB_ENV}"
echo "::notice title=VERSION::$VERSION"
echo "REPO_CHANNEL=$REPO_CHANNEL" >> "${GITHUB_ENV}"
echo "OWRT_VERSION=$OWRT_VERSION" >> "${GITHUB_ENV}"
echo "::notice title=REPOSITORY::$REPO_CHANNEL/$OWRT_VERSION"
echo "::notice title=TARGET::$TARGET"
fi
# Run podman with local mounted dirs
podman run -ti --name nethsec-builder \
--security-opt label=disable \
--env=USIGN_PUB_KEY --env=USIGN_PRIV_KEY \
--env=NETIFYD_ACCESS_TOKEN \
--env=VERSION --env=REPO_CHANNEL --env=OWRT_VERSION --env=TARGET \
-v ./config:/config:z -v ./files:/files:z -v ./packages:/nspackages:z -v ./patches:/patches:z \
$opts $image "$@"
# When executed inside CI, do not execute next setps on error
ret=$?
if [[ $ret -gt 0 && -n "${CI}" ]]; then
exit $ret
fi
podman cp nethsec-builder:/home/build/openwrt/bin/ $workdir/
if [ $? -eq 0 ]; then
podman rm nethsec-builder
else
echo
echo "Export of built binaries failed: the container has not been removed"
echo "To remove the container use: podman rm nethsec-builder"
echo "To re-try export built binaries: podman cp nethsec-builder:/home/build/openwrt/bin/ $workdir/"
echo
fi