enh(packaging): add rpm sign to workflow (#462)

centreon · Dec 9, 2022 · 29fc71d · 29fc71d
1 parent f0caa28
commit 29fc71d
Show file tree

Hide file tree

Showing 4 changed files with 75 additions and 20 deletions.
diff --git a/.github/actions/delivery/action.yml b/.github/actions/delivery/action.yml
@@ -98,26 +98,28 @@ runs:
           echo "[DEBUG] - File: $FILE"
           VERSION=${{ inputs.version }}
           MAJOR="$VERSION"
-          DISTRIB="${{ inputs.distrib }}";
           REPOTYPE="$SUBREPO"
-          ARCH=$(echo $FILE | grep -oP '(x86_64|noarch)')
           PROJECT=${{ inputs.module_name }}
-          FOLDER=$(basename $FILE .rpm)
           PROJECT_PATH="standard"
-          
-          echo "[DEBUG] - Arch: $ARCH"
+
           echo "[DEBUG] - Suprepo: $SUBREPO"
           echo "[DEBUG] - FILES: $FILES"
-          echo "[DEBUG] - DISTRIB: $DISTRIB"
           echo "[DEBUG] - Version: $VERSION"
 
           if [[ "${{ env.extfile }}" == "deb" ]] ; then
-            echo "[DEBUG] - https://artifactory.apps.centreon.com/artifactory/debian-$VERSION-$REPO/pool/$FILE;deb.distribution=bullseye;deb.component=main;deb.architecture=amd64"
-            curl -v -u "${{ inputs.repos_username }}":"${{ inputs.repos_password }}" -X PUT "https://artifactory.apps.centreon.com/artifactory/debian-$VERSION-$REPO/pool/$FILE;deb.distribution=bullseye;deb.component=main;deb.architecture=amd64" -T "./$FILE"
+            curl -u "${{ inputs.repo_username }}":"${{ inputs.repo_password }}" -H "Content-Type: multipart/form-data" --data-binary "@./$FILE" https://apt.centreon.com/repository/23.04-$SUBREPO/
           else
             #echo "[DEBUG] - https://artifactory.apps.centreon.com/artifactory/rpm-$VERSION-$REPO/$DISTRIB/$REPO/x86_64/centreon-collect"
             #curl -v -u "${{ inputs.repos_username }}":"${{ inputs.repos_password }}" -X PUT "https://artifactory.apps.centreon.com/artifactory/rpm-$VERSION-$REPO/$DISTRIB/$REPO/x86_64/centreon-collect/$FILE" -T "./$FILE"
-            
+
+            DISTRIB="${{ inputs.distrib }}"
+            ARCH=$(echo $FILE | grep -oP '(x86_64|noarch)')
+            FOLDER=$(basename $FILE .rpm)
+
+            echo "[DEBUG] - DISTRIB: $DISTRIB"
+            echo "[DEBUG] - Arch: $ARCH"
+            echo "[DEBUG] - FOLDER: $FOLDER"
+
             eval `ssh-agent`
             ssh-add - <<< "${{ inputs.yum_repo_key }}"
 
@@ -137,15 +139,18 @@ runs:
           fi
         done
 
-        ID="${{ inputs.cloudfront_id }}"
-        PATHS="/$PROJECT_PATH/$MAJOR/$DISTRIB/$REPOTYPE/$ARCH/*"
-        ITERATIONS=1
-        until aws cloudfront create-invalidation --distribution-id "$ID" --paths "$PATHS"; do
-          if [ ${ITERATIONS} -eq 10 ]; then
-            return 0
-          fi
-          echo "couldn't invalidate cache, AWS quota might have been reached, retrying in 30 seconds..."
-          sleep 30s
-          ITERATIONS=$((ITERATIONS+1))
-        done
+        # run this only for rpm
+        if [[ "${{ env.extfile }}" == "rpm" ]] ; then
+          ID="${{ inputs.cloudfront_id }}"
+          PATHS="/$PROJECT_PATH/$MAJOR/$DISTRIB/$REPOTYPE/$ARCH/*"
+          ITERATIONS=1
+          until aws cloudfront create-invalidation --distribution-id "$ID" --paths "$PATHS"; do
+            if [ ${ITERATIONS} -eq 10 ]; then
+              return 0
+            fi
+            echo "couldn't invalidate cache, AWS quota might have been reached, retrying in 30 seconds..."
+            sleep 30s
+            ITERATIONS=$((ITERATIONS+1))
+          done
+        fi
       shell: bash
diff --git a/.github/actions/package-sign/action.yml b/.github/actions/package-sign/action.yml
@@ -0,0 +1,36 @@
+name: rpm-sign-in-docker
+description: Run step in docker container
+inputs:
+  script_name:
+    description: "script_name"
+    required: true
+  image_name:
+    description: "image_name"
+    required: true
+  image_version:
+    description: "image_version"
+    required: true
+  centreon_pat:
+    description: "Secret"
+    required: false
+  username:
+    description: The artifactory username
+    required: true
+  password:
+    description: The artifactory password
+    required: true
+  params:
+    description: "params for script"
+    required: false
+runs:
+  using: "composite"
+  steps:
+    - name: Login to Registry
+      uses: docker/login-action@v2
+      with:
+        registry: docker.centreon.com
+        username: ${{ inputs.username }}
+        password: ${{ inputs.password }}
+
+    - run: docker run -i -e TOKEN=${{ inputs.centreon_pat }} --entrypoint /src/.github/scripts/${{ inputs.script_name }}.sh -v "$PWD:/src" docker.centreon.com/${{ inputs.image_name }}:${{ inputs.image_version}} ${{ inputs.params }}
+      shell: bash
diff --git a/.github/scripts/rpm-signing.sh b/.github/scripts/rpm-signing.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+set -ex
+export GPG_TTY=$(tty)
+rpmsign --addsign /src/*.rpm
diff --git a/.github/workflows/centreon-collect.yml b/.github/workflows/centreon-collect.yml
@@ -114,6 +114,15 @@ jobs:
           image_version: ${{ env.imgversion }}
           env_variable: -e DISTRIB="${{ matrix.distrib }}" -e VERSION="${{ env.version }}" -e RELEASE="${{ env.release }}"
 
+      - name: sign rpm ${{ matrix.image }}
+        uses: ./.github/actions/package-sign
+        with:
+          script_name: rpm-signing
+          image_name: rpm-signing
+          image_version: ubuntu
+          username: ${{ secrets.REPOS_USERNAME }}
+          password: ${{ secrets.REPOS_PASSWORD }}
+
       - name: Use cache RPM files
         uses: actions/cache@v3
         env: