diff --git a/.dockerignore b/.dockerignore
index 5f31b7fd15e6..36131d37449b 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,12 +1,7 @@
 ./bin
 ./etc
-./build/data
-./build/data.tar.gz
 ./pkg/data/zz_generated_bindata.go
-./package/data.tar.gz
 ./.vagrant
 ./.cache
 ./.dapper
-./data-dir
-./dist
 ./.trash-cache
diff --git a/.drone.yml b/.drone.yml
index 5d53717a09b7..c9bdfdcc267d 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -59,6 +59,23 @@ steps:
 event:
 - tag
+- name: rpm-publish
+ image: centos:7
+ environment:
+ PRIVATE_KEY:
+ from_secret: private_key
+ PRIVATE_KEY_PASS_PHRASE:
+ from_secret: private_key_pass_phrase
+ AWS_S3_BUCKET:
+ from_secret: aws_s3_bucket
+ AWS_ACCESS_KEY_ID:
+ from_secret: aws_access_key_id
+ AWS_SECRET_ACCESS_KEY:
+ from_secret: aws_secret_access_key
+ commands:
+ - scripts/provision/generic/centos7/yum-install-rpm-tools
+ - scripts/package-rpm
+
 - name: test
 image: rancher/dapper:v0.4.2
 secrets: [ gcloud_auth ]
@@ -154,6 +171,23 @@ steps:
 event:
 - tag
+- name: rpm-publish
+ image: centos:7
+ environment:
+ PRIVATE_KEY:
+ from_secret: private_key
+ PRIVATE_KEY_PASS_PHRASE:
+ from_secret: private_key_pass_phrase
+ AWS_S3_BUCKET:
+ from_secret: aws_s3_bucket
+ AWS_ACCESS_KEY_ID:
+ from_secret: aws_access_key_id
+ AWS_SECRET_ACCESS_KEY:
+ from_secret: aws_secret_access_key
+ commands:
+ - scripts/provision/generic/centos7/yum-install-rpm-tools
+ - scripts/package-rpm
+
 - name: test
 image: rancher/dapper:v0.4.2
 secrets: [ gcloud_auth ]
@@ -323,6 +357,6 @@ volumes:
 - name: docker
 host:
 path: /var/run/docker.sock
-
+
 depends_on:
 - manifest
\ No newline at end of file
diff --git a/Dockerfile.rpm b/Dockerfile.rpm
new file mode 100644
index 000000000000..e23e0fcfdeb1
--- /dev/null
+++ b/Dockerfile.rpm
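Review bot: The new `rpm-publish` step in `.drone.yml` (hunk at -59, and the identical one at -154) carries no `when:` condition in the added lines, so the GPG signing key, its passphrase and the AWS credentials are placed in the step's environment on every run of the pipeline unless a pipeline-level trigger outside these hunks already restricts it. `scripts/package-rpm` exits early on a non-release version, but by then the secrets have already been handed to the container. Gating the step itself keeps the key material out of ordinary builds: add `when: { event: [ tag ] }` to both copies. The step also pulls `centos:7` by mutable tag; pinning that image by digest would make sure the container that receives the signing key is the one that was reviewed.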
@@ -0,0 +1,36 @@
+FROM centos:7 as build
+
+RUN yum install -y git expect yum-utils rpm-build rpm-sign python-deltarpm epel-release
+RUN yum install -y python2-pip
+RUN pip install git+git://github.com/Voronenko/rpm-s3.git@5695c6ad9a08548141d3713328e1bd3f533d137e
+
+COPY go.mod install.sh ./
+COPY scripts scripts
+COPY package package
+COPY dist dist
+
+ARG DRONE_TAG
+ENV DRONE_TAG $DRONE_TAG
+
+ARG DRONE_STAGE_ARCH
+ENV DRONE_STAGE_ARCH $DRONE_STAGE_ARCH
+
+ARG PRIVATE_KEY
+ENV PRIVATE_KEY $PRIVATE_KEY
+
+ARG PRIVATE_KEY_PASS_PHRASE
+ENV PRIVATE_KEY_PASS_PHRASE $PRIVATE_KEY_PASS_PHRASE
+
+ARG AWS_S3_BUCKET
+ENV AWS_S3_BUCKET $AWS_S3_BUCKET
+
+ARG AWS_ACCESS_KEY_ID
+ENV AWS_ACCESS_KEY_ID $AWS_ACCESS_KEY_ID
+
+ARG AWS_SECRET_ACCESS_KEY
+ENV AWS_SECRET_ACCESS_KEY $AWS_SECRET_ACCESS_KEY
+
+RUN scripts/package-rpm
+
+FROM scratch
+COPY --from=build dist/rpm/**/*.rpm ./
diff --git a/package/k3s.spec b/package/k3s.spec
new file mode 100644
index 000000000000..686888ebcb5d
--- /dev/null
+++ b/package/k3s.spec
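Review bot: In `Dockerfile.rpm` the signing key, its passphrase and the AWS credentials are passed as `ARG` and then copied into `ENV` (`PRIVATE_KEY`, `PRIVATE_KEY_PASS_PHRASE`, `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`), which records them in the build stage's image config and build history. The final `FROM scratch` stage does not inherit them, but the `build` stage stays in the builder's cache and is readable by anyone who can inspect it or who receives an export of that stage. The secrets are only needed by `RUN scripts/package-rpm`, so they should be BuildKit secret mounts scoped to that one instruction, with the five secret `ARG`/`ENV` pairs removed, as sketched below. Separately, `pip install git+git://…` fetches over the unauthenticated git protocol; `git+https://` with the same pinned commit is the safer form.

```dockerfile
# syntax=docker/dockerfile:1
FROM centos:7 as build
# … unchanged: yum/pip installs, COPY lines, DRONE_TAG and DRONE_STAGE_ARCH ARG/ENV …

# Secrets exist only for the duration of this step; no ARG/ENV for them.
RUN --mount=type=secret,id=private_key \
    --mount=type=secret,id=private_key_pass_phrase \
    --mount=type=secret,id=aws_s3_bucket \
    --mount=type=secret,id=aws_access_key_id \
    --mount=type=secret,id=aws_secret_access_key \
    PRIVATE_KEY="$(cat /run/secrets/private_key)" \
    PRIVATE_KEY_PASS_PHRASE="$(cat /run/secrets/private_key_pass_phrase)" \
    AWS_S3_BUCKET="$(cat /run/secrets/aws_s3_bucket)" \
    AWS_ACCESS_KEY_ID="$(cat /run/secrets/aws_access_key_id)" \
    AWS_SECRET_ACCESS_KEY="$(cat /run/secrets/aws_secret_access_key)" \
    scripts/package-rpm
```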
@@ -0,0 +1,57 @@
+# vim: sw=4:ts=4:et
+
+%define install_path /usr/bin
+%define util_path %{_datadir}/k3s
+%define install_sh %{util_path}/.install.sh
+%define uninstall_sh %{util_path}/.uninstall.sh
+
+Name: k3s
+Version: %{k3s_version}
+Release: %{k3s_release}%{?dist}
+Summary: Lightweight Kubernetes
+
+Group: System Environment/Base
+License: ASL 2.0
+URL: http://k3s.io
+
+BuildRequires: systemd
+Requires(post): k3s-selinux >= %{k3s_policyver}
+
+%description
+The certified Kubernetes distribution built for IoT & Edge computing.
+
+%install
+install -d %{buildroot}%{install_path}
+install dist/artifacts/%{k3s_binary} %{buildroot}%{install_path}/k3s
+install -d %{buildroot}%{util_path}
+install install.sh %{buildroot}%{install_sh}
+
+%post
+# do not run install script on upgrade
+echo post-install args: $@
+if [ $1 == 1 ]; then
+ INSTALL_K3S_BIN_DIR=%{install_path} \
+ INSTALL_K3S_SKIP_DOWNLOAD=true \
+ INSTALL_K3S_SKIP_ENABLE=true \
+ UNINSTALL_K3S_SH=%{uninstall_sh} \
+ %{install_sh}
+fi
+%systemd_post k3s.service
+exit 0
+
+%postun
+echo post-uninstall args: $@
+# do not run uninstall script on upgrade
+if [ $1 == 0 ]; then
+ %{uninstall_sh}
+ rm -rf %{util_path}
+fi
+exit 0
+
+%files
+%{install_path}/k3s
+%{install_sh}
+
+%changelog
+* Mon Mar 2 2020 Erik Wilson 0.1-1
+- Initial version
diff --git a/scripts/gen-gpg-keys b/scripts/gen-gpg-keys
new file mode 100755
index 000000000000..71bb94ebb886
--- /dev/null
+++ b/scripts/gen-gpg-keys
@@ -0,0 +1,37 @@
+#!/bin/bash
+
+set -e -x
+
+TMPDIR=$(mktemp -d)
+cleanup() {
+ exit_code=$?
+ trap - EXIT INT
+ rm -rf ${TMPDIR}
+ exit ${exit_code}
+}
+trap cleanup EXIT INT
+
+export HOME=${TMPDIR}
+
+gpg --batch --gen-key - <public.key
+gpg --armor --export-secret-key ci@rancher.com >private.key
diff --git a/scripts/package-rpm b/scripts/package-rpm
new file mode 100755
index 000000000000..100af0bba7ce
--- /dev/null
+++ b/scripts/package-rpm
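Review bot: In `scripts/gen-gpg-keys` the secret key is exported with `gpg --armor --export-secret-key ci@rancher.com >private.key` into the current directory under whatever umask the caller happens to have, so the file can end up readable by other local users. Setting `umask 077` right after `set -e -x` makes the export owner-only regardless of the environment. The batch parameters fed to `gpg --gen-key` are not readable in this view, so whether the generated key is passphrase-protected cannot be confirmed here; a short header comment saying where `private.key` is expected to go afterwards (the CI secret store, presumably) and that it must not be committed would help the next maintainer.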
@@ -0,0 +1,78 @@
+#!/bin/bash
+set -e -x
+
+cd $(dirname $0)/..
+
+ARCH=${DRONE_STAGE_ARCH:-$(arch)}
+. ./scripts/version.sh
+
+if [[ ! "$VERSION" =~ ^v[0-9]+\.[0-9]+\.[0-9]+(\-.*)?\+k3s.+$ ]]; then
+ echo "k3s version $VERSION does not match regex for rpm upload"
+ exit 0
+fi
+
+TMPDIR=$(mktemp -d)
+cleanup() {
+ exit_code=$?
+ trap - EXIT INT
+ rm -rf ${TMPDIR}
+ exit ${exit_code}
+}
+trap cleanup EXIT INT
+
+export HOME=${TMPDIR}
+
+BIN_SUFFIX=""
+if [ ${ARCH} = aarch64 ] || [ ${ARCH} = arm64 ]; then
+ BIN_SUFFIX="-arm64"
+elif [ ${ARCH} = armv7l ] || [ ${ARCH} = arm ]; then
+ BIN_SUFFIX="-armhf"
+fi
+
+# capture version of k3s
+k3s_version=$(sed -E -e 's/^v([^-+]*).*$/\1/' <<< $VERSION)
+# capture pre-release and metadata information of k3s
+k3s_release=$(sed -E -e 's/\+k3s/+/' -e 's/\+/-/g' -e 's/^[^-]*//' -e 's/^--/dev-/' -e 's/-+/./g' -e 's/^\.+//' -e 's/\.+$//' <<< $VERSION)
+# k3s-selinux policy version needed for functionality
+k3s_policyver=0.1-1
+
+rpmbuild \
+ --define "k3s_version ${k3s_version}" \
+ --define "k3s_release ${k3s_release}" \
+ --define "k3s_policyver ${k3s_policyver}" \
+ --define "k3s_binary k3s${BIN_SUFFIX}" \
+ --define "_sourcedir ${PWD}" \
+ --define "_specdir ${PWD}" \
+ --define "_builddir ${PWD}" \
+ --define "_srcrpmdir ${PWD}" \
+ --define "_rpmdir ${PWD}/dist/rpm" \
+ --define "_buildrootdir ${PWD}/.rpm-build" \
+ -bb package/k3s.spec
+
+if ! grep "BEGIN PGP PRIVATE KEY BLOCK" <<<"$PRIVATE_KEY"; then
+ echo "PRIVATE_KEY not defined, skipping rpm sign and upload"
+ exit 0
+fi
+
+cat <<\EOF >~/.rpmmacros
+%_signature gpg
+%_gpg_name ci@rancher.com
+EOF
+gpg --import - <<<"$PRIVATE_KEY"
+
+expect <