easywks/.gitlab-ci.yml

---
image: python:3.9-bullseye

stages:
- test
- integration
- build
- deploy
- upload


before_script:
- pip3 install coverage pycodestyle
- export EASYWKS_VERSION=$(python -c 'import easywks; print(easywks.__version__)')


test:
  stage: test
  script:
  - pip3 install -e .
  - python3 -m coverage run --rcfile=setup.cfg -m unittest discover easywks
  artifacts:
    paths:
    - ".coverage*"

codestyle:
  stage: test
  script:
  - pip3 install -e .
  - pycodestyle easywks

easywksserver_gpgwksclient:
  stage: integration
  script:
    - echo "openpgpkey" > /etc/hostname
    - echo "127.0.0.1 openpgpkey.example.org openpgpkey example.org" > /etc/hosts
    - pip3 install -e .
    - apt update; apt install --yes gnupg2 socat ca-certificates
    - openssl req -x509 -newkey rsa:4096 -keyout /etc/ssl/key.pem -out /etc/ssl/cert.pem -sha256 -days 365 -nodes -subj '/CN=openpgpkey.example.org'
    - cp /etc/ssl/cert.pem /usr/local/share/ca-certificates/local.crt
    - update-ca-certificates
    - mkdir -p /tmp/easywks
    - |
      cat > /tmp/easywks.yml <<EOF
      directory: /tmp/easywks
      permit_unsigned_response: true  # required for gpg-wks-client compat
      httpd:
        host: 127.0.0.1
        port: 8080
      mailing_method: stdout
      domains:
        example.org:
          submission_address: webkey@example.org
      EOF
    - easywks --config /tmp/easywks.yml init
    - easywks --config /tmp/easywks.yml webserver &
    - socat OPENSSL-LISTEN:443,fork,reuseaddr,verify=0,cert=/etc/ssl/cert.pem,key=/etc/ssl/key.pem TCP:127.0.0.1:8080 &
    - sleep 3
    - install -m 0700 -d /tmp/gpg /tmp/cleangpg
    - export GNUPGHOME=/tmp/gpg
    - test/genkey.sh alice@example.org
    - >-
      export FINGERPRINT="$(gpg --with-colons --fingerprint alice@example.org | grep -A1 ^pub | grep ^fpr | cut -d: -f10)"
    - /usr/lib/gnupg/gpg-wks-client --supported alice@example.org
    - /usr/lib/gnupg/gpg-wks-client --check webkey@example.org
    - PUBREQ="$(/usr/lib/gnupg/gpg-wks-client --create "${FINGERPRINT}" alice@example.org)"
    - CONFREQ="$(echo "${PUBREQ}" | easywks --config /tmp/easywks.yml process)"
    - CONFRESP="$(echo "${CONFREQ}" | /usr/lib/gnupg/gpg-wks-client --receive --verbose)"
    - PUBRESP="$(echo "${CONFRESP}" | easywks --config /tmp/easywks.yml process)"
    - echo "${PUBRESP}" | gpg --batch --decrypt
    - /usr/lib/gnupg/gpg-wks-client --check alice@example.org
    - export GNUPGHOME=/tmp/gpg
    - gpg --auto-key-locate=clear,wkd,nodefault --locate-keys alice@example.org
    - kill %2
    - kill %1


coverage:
  stage: integration
  coverage: >-
    /(?i)total.*? (100(?:\.0+)?\%|[1-9]?\d(?:\.\d+)?\%)$/
  script:
  - python3 -m coverage combine
  - python3 -m coverage report --rcfile=setup.cfg

    
build_wheel:
  stage: build
  script:
  - python3 setup.py egg_info bdist_wheel
  - cd dist
  - sha256sum *.whl > SHA256SUMS
  artifacts:
    paths:
    - "dist/*.whl"
    - dist/SHA256SUMS
  only:
  - tags

build_debian:
  stage: build
  script:
  - apt update && apt install --yes lintian rsync sudo
  - echo -n > package/debian/easywks/usr/share/doc/easywks/changelog
  - |
    for version in "$(cat CHANGELOG.md | grep '<!-- BEGIN CHANGES' | cut -d ' ' -f 4)"; do
      echo "easywks (${version}-1); urgency=medium\n" >> package/debian/easywks/usr/share/doc/easywks/changelog
      cat CHANGELOG.md | grep -A 1000 "<"'!'"-- BEGIN CHANGES ${version} -->" | grep -B 1000 "<"'!'"-- END CHANGES ${version} -->" | tail -n +2 | head -n -1 | sed -re 's/^-/  */g' >> package/debian/easywks/usr/share/doc/easywks/changelog
      echo "\n -- ${PACKAGE_AUTHOR}  $(date -R)\n" >> package/debian/easywks/usr/share/doc/easywks/changelog
    done
  - gzip -9n package/debian/easywks/usr/share/doc/easywks/changelog
  - python3 setup.py egg_info install --root=package/debian/easywks/ --prefix=/usr --optimize=1
  - cd package/debian
  - sed -re "s/__EASYWKS_VERSION__/${EASYWKS_VERSION}/g" -i easywks/DEBIAN/control
  - mkdir -p easywks/usr/lib/python3/dist-packages/
  - rsync -a easywks/usr/lib/python3.9/site-packages/ easywks/usr/lib/python3/dist-packages/
  - rm -rf easywks/usr/lib/python3.9/site-packages
  - find easywks/usr/lib/python3/dist-packages -name __pycache__ -exec rm -r {} \; 2>/dev/null || true
  - find easywks/usr/lib/python3/dist-packages -name '*.pyc' -exec rm {} \;
  - find easywks/usr/lib/python3/dist-packages -name '*.pyo' -exec rm {} \;
  - sed -re 's$#!/usr/local/bin/python3$#!/usr/bin/python3$' -i easywks/usr/bin/easywks
  - find easywks -type f -exec chmod 0644 {} \;
  - find easywks -type d -exec chmod 755 {} \;
  - chmod +x easywks/usr/bin/easywks easywks/DEBIAN/postinst easywks/DEBIAN/prerm easywks/DEBIAN/postrm
  - dpkg-deb --build easywks
  - mv easywks.deb "easywks_${EASYWKS_VERSION}-1_all.deb"
  - sudo -u nobody lintian "easywks_${EASYWKS_VERSION}-1_all.deb"
  - sha256sum *.deb > SHA256SUMS
  artifacts:
    paths:
    - "package/debian/*.deb"
    - package/debian/SHA256SUMS
  only:
  - tags


release:
  stage: deploy
  script:
  - python3 package/release.py
  only:
  - tags


repo:
  stage: upload
  trigger: s3lph/custom-packages
  variables:
    MULTIPROJECT_TRIGGER_JOBNAME: easywks
  only:
  - tags
Add CI with packaging/release process 2021-09-27 23:40:10 +02:00			`---`
			`image: python:3.9-bullseye`

			`stages:`
			`- test`
feat(testing): add integration test against gpg-wks-client 2022-12-20 23:13:37 +01:00			`- integration`
Add CI with packaging/release process 2021-09-27 23:40:10 +02:00			`- build`
			`- deploy`
Add CI task to trigger a build of the repository pipeline 2022-07-19 23:36:23 +02:00			`- upload`
Add CI with packaging/release process 2021-09-27 23:40:10 +02:00


			`before_script:`
			`- pip3 install coverage pycodestyle`
			`- export EASYWKS_VERSION=$(python -c 'import easywks; print(easywks.__version__)')`



			`test:`
			`stage: test`
			`script:`
			`- pip3 install -e .`
			`- python3 -m coverage run --rcfile=setup.cfg -m unittest discover easywks`
feat(testing): add integration test against gpg-wks-client 2022-12-20 23:13:37 +01:00			`artifacts:`
			`paths:`
			`- ".coverage*"`
Add CI with packaging/release process 2021-09-27 23:40:10 +02:00
			`codestyle:`
			`stage: test`
			`script:`
			`- pip3 install -e .`
			`- pycodestyle easywks`

feat(testing): add integration test against gpg-wks-client 2022-12-20 23:13:37 +01:00			`easywksserver_gpgwksclient:`
			`stage: integration`
			`script:`
			`- echo "openpgpkey" > /etc/hostname`
			`- echo "127.0.0.1 openpgpkey.example.org openpgpkey example.org" > /etc/hosts`
			`- pip3 install -e .`
			`- apt update; apt install --yes gnupg2 socat ca-certificates`
			`- openssl req -x509 -newkey rsa:4096 -keyout /etc/ssl/key.pem -out /etc/ssl/cert.pem -sha256 -days 365 -nodes -subj '/CN=openpgpkey.example.org'`
			`- cp /etc/ssl/cert.pem /usr/local/share/ca-certificates/local.crt`
			`- update-ca-certificates`
			`- mkdir -p /tmp/easywks`
			`- \|`
			`cat > /tmp/easywks.yml <<EOF`
			`directory: /tmp/easywks`
			`permit_unsigned_response: true # required for gpg-wks-client compat`
			`httpd:`
			`host: 127.0.0.1`
			`port: 8080`
			`mailing_method: stdout`
			`domains:`
			`example.org:`
fix(config): per-domain configuration (e.g. submission-address) was not loaded. 2022-12-21 03:10:52 +01:00			`submission_address: webkey@example.org`
feat(testing): add integration test against gpg-wks-client 2022-12-20 23:13:37 +01:00			`EOF`
			`- easywks --config /tmp/easywks.yml init`
			`- easywks --config /tmp/easywks.yml webserver &`
			`- socat OPENSSL-LISTEN:443,fork,reuseaddr,verify=0,cert=/etc/ssl/cert.pem,key=/etc/ssl/key.pem TCP:127.0.0.1:8080 &`
			`- sleep 3`
			`- install -m 0700 -d /tmp/gpg /tmp/cleangpg`
			`- export GNUPGHOME=/tmp/gpg`
			`- test/genkey.sh alice@example.org`
			`- >-`
			`export FINGERPRINT="$(gpg --with-colons --fingerprint alice@example.org \| grep -A1 ^pub \| grep ^fpr \| cut -d: -f10)"`
			`- /usr/lib/gnupg/gpg-wks-client --supported alice@example.org`
fix(config): per-domain configuration (e.g. submission-address) was not loaded. 2022-12-21 03:10:52 +01:00			`- /usr/lib/gnupg/gpg-wks-client --check webkey@example.org`
feat(testing): add integration test against gpg-wks-client 2022-12-20 23:13:37 +01:00			`- PUBREQ="$(/usr/lib/gnupg/gpg-wks-client --create "${FINGERPRINT}" alice@example.org)"`
			`- CONFREQ="$(echo "${PUBREQ}" \| easywks --config /tmp/easywks.yml process)"`
			`- CONFRESP="$(echo "${CONFREQ}" \| /usr/lib/gnupg/gpg-wks-client --receive --verbose)"`
			`- PUBRESP="$(echo "${CONFRESP}" \| easywks --config /tmp/easywks.yml process)"`
			`- echo "${PUBRESP}" \| gpg --batch --decrypt`
			`- /usr/lib/gnupg/gpg-wks-client --check alice@example.org`
			`- export GNUPGHOME=/tmp/gpg`
			`- gpg --auto-key-locate=clear,wkd,nodefault --locate-keys alice@example.org`
			`- kill %2`
			`- kill %1`
Add CI with packaging/release process 2021-09-27 23:40:10 +02:00

feat(testing): add integration test against gpg-wks-client 2022-12-20 23:13:37 +01:00			`coverage:`
			`stage: integration`
			`coverage: >-`
			`/(?i)total.*? (100(?:\.0+)?\%\|[1-9]?\d(?:\.\d+)?\%)$/`
			`script:`
			`- python3 -m coverage combine`
			`- python3 -m coverage report --rcfile=setup.cfg`
Add CI with packaging/release process 2021-09-27 23:40:10 +02:00
feat(testing): add integration test against gpg-wks-client 2022-12-20 23:13:37 +01:00
Add CI with packaging/release process 2021-09-27 23:40:10 +02:00			`build_wheel:`
			`stage: build`
			`script:`
			`- python3 setup.py egg_info bdist_wheel`
			`- cd dist`
			`- sha256sum *.whl > SHA256SUMS`
			`artifacts:`
			`paths:`
			`- "dist/*.whl"`
			`- dist/SHA256SUMS`
			`only:`
			`- tags`

			`build_debian:`
			`stage: build`
			`script:`
Fix CI script 2021-09-27 23:46:39 +02:00			`- apt update && apt install --yes lintian rsync sudo`
Add CI with packaging/release process 2021-09-27 23:40:10 +02:00			`- echo -n > package/debian/easywks/usr/share/doc/easywks/changelog`
			`- \|`
			`for version in "$(cat CHANGELOG.md \| grep '<!-- BEGIN CHANGES' \| cut -d ' ' -f 4)"; do`
			`echo "easywks (${version}-1); urgency=medium\n" >> package/debian/easywks/usr/share/doc/easywks/changelog`
			`cat CHANGELOG.md \| grep -A 1000 "<"'!'"-- BEGIN CHANGES ${version} -->" \| grep -B 1000 "<"'!'"-- END CHANGES ${version} -->" \| tail -n +2 \| head -n -1 \| sed -re 's/^-/ */g' >> package/debian/easywks/usr/share/doc/easywks/changelog`
			`echo "\n -- ${PACKAGE_AUTHOR} $(date -R)\n" >> package/debian/easywks/usr/share/doc/easywks/changelog`
			`done`
			`- gzip -9n package/debian/easywks/usr/share/doc/easywks/changelog`
			`- python3 setup.py egg_info install --root=package/debian/easywks/ --prefix=/usr --optimize=1`
			`- cd package/debian`
			`- sed -re "s/__EASYWKS_VERSION__/${EASYWKS_VERSION}/g" -i easywks/DEBIAN/control`
			`- mkdir -p easywks/usr/lib/python3/dist-packages/`
			`- rsync -a easywks/usr/lib/python3.9/site-packages/ easywks/usr/lib/python3/dist-packages/`
			`- rm -rf easywks/usr/lib/python3.9/site-packages`
			`- find easywks/usr/lib/python3/dist-packages -name __pycache__ -exec rm -r {} \; 2>/dev/null \|\| true`
			`- find easywks/usr/lib/python3/dist-packages -name '*.pyc' -exec rm {} \;`
			`- find easywks/usr/lib/python3/dist-packages -name '*.pyo' -exec rm {} \;`
Fix CI script 2021-09-27 23:46:39 +02:00			`- sed -re 's$#!/usr/local/bin/python3$#!/usr/bin/python3$' -i easywks/usr/bin/easywks`
Add CI with packaging/release process 2021-09-27 23:40:10 +02:00			`- find easywks -type f -exec chmod 0644 {} \;`
			`- find easywks -type d -exec chmod 755 {} \;`
			`- chmod +x easywks/usr/bin/easywks easywks/DEBIAN/postinst easywks/DEBIAN/prerm easywks/DEBIAN/postrm`
			`- dpkg-deb --build easywks`
Fix release.py script 2021-09-28 01:59:53 +02:00			`- mv easywks.deb "easywks_${EASYWKS_VERSION}-1_all.deb"`
			`- sudo -u nobody lintian "easywks_${EASYWKS_VERSION}-1_all.deb"`
Add CI with packaging/release process 2021-09-27 23:40:10 +02:00			`- sha256sum *.deb > SHA256SUMS`
			`artifacts:`
			`paths:`
			`- "package/debian/*.deb"`
			`- package/debian/SHA256SUMS`
			`only:`
			`- tags`


			`release:`
			`stage: deploy`
			`script:`
			`- python3 package/release.py`
			`only:`
			`- tags`
Add CI task to trigger a build of the repository pipeline 2022-07-19 23:36:23 +02:00


			`repo:`
			`stage: upload`
			`trigger: s3lph/custom-packages`
			`variables:`
			`MULTIPROJECT_TRIGGER_JOBNAME: easywks`
			`only:`
			`- tags`