Skip to content

Commit

Permalink
Code clean-up and more commentary; local build now works on Windows, too
Browse files Browse the repository at this point in the history
  • Loading branch information
@marceltaeumel
marceltaeumel committed Sep 25, 2021
1 parent e4624d5 commit 8b730ce
Show file tree
Hide file tree
Showing 24 changed files with 586 additions and 421 deletions.
51 changes: 21 additions & 30 deletions .github/workflows/bundle.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ name: Bundle
on:
push: # Choose the branch that matches the Smalltalk version below
# branches:
# - squeak-trunk
# - squeak-trunk
# - squeak-5.3
# - squeak-5.2
paths-ignore:
Expand Down Expand Up @@ -53,8 +53,6 @@ jobs:
tmp/*.sources
tmp/*.image
tmp/*.changes
tmp/version.sh
!tmp/Test*
test-image:
Expand Down Expand Up @@ -118,35 +116,12 @@ jobs:
# - Squeak64-5.2
# - Etoys-trunk
# - Etoys64-trunk
runs-on: macos-10.15 # macos-latest
runs-on: macos-10.15 # fixed for xcnotary
name: 📦 Prepare bundles for ${{ matrix.smalltalk }}
env:
SMALLTALK_VERSION: ${{ matrix.smalltalk }}
GIT_BRANCH: ${{ github.ref }}
DEPLOYMENT_BRANCH: squeak-trunk

CODESIGN_KEY: ${{ secrets.CODESIGN_KEY }}
CODESIGN_IV: ${{ secrets.CODESIGN_IV }}

CERT_IDENTITY: ${{ secrets.SIGN_IDENTITY }}
CERT_PASSWORD: ${{ secrets.CERT_PASSWORD }}

NOTARIZATION_USER: ${{ secrets.NOTARIZATION_USER }}
NOTARIZATION_PASSWORD: ${{ secrets.NOTARIZATION_PASSWORD }}



DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }}
DEPLOY_IV: ${{ secrets.DEPLOY_IV }}

PUBLIC_KEY: ${{ secrets.PUBLIC_KEY }}

PROXY_PORT: ${{ secrets.PROXY_PORT }}
PROXY_HOST: ${{ secrets.PROXY_HOST }}
PROXY_USER: ${{ secrets.PROXY_USER }}
UPSTREAM_HOST: ${{ secrets.UPSTREAM_HOST }}
UPSTREAM_USER: ${{ secrets.UPSTREAM_USER }}

SHOULD_DEPLOY: endsWith(github.ref, "squeak-trunk")
SHOULD_CODESIGN: env.SHOULD_DEPLOY

steps:
- uses: actions/checkout@v2
Expand All @@ -158,6 +133,13 @@ jobs:
path: tmp

- run: ./prepare_bundles.sh
env:
CODESIGN_KEY: ${{ secrets.CODESIGN_KEY }}
CODESIGN_IV: ${{ secrets.CODESIGN_IV }}
CERT_IDENTITY: ${{ secrets.CERT_IDENTITY }}
CERT_PASSWORD: ${{ secrets.CERT_PASSWORD }}
NOTARIZATION_USER: ${{ secrets.NOTARIZATION_USER }}
NOTARIZATION_PASSWORD: ${{ secrets.NOTARIZATION_PASSWORD }}

- name: Upload artifacts
uses: actions/upload-artifact@v2
Expand All @@ -166,4 +148,13 @@ jobs:
path: product/*

- run: ./deploy_bundles.sh
if: endsWith(github.ref, env.DEPLOYMENT_BRANCH)
if: env.SHOULD_DEPLOY
env:
DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }}
DEPLOY_IV: ${{ secrets.DEPLOY_IV }}
SSH_PUBLIC_KEY: ${{ secrets.SSH_PUBLIC_KEY }}
PROXY_PORT: ${{ secrets.PROXY_PORT }}
PROXY_HOST: ${{ secrets.PROXY_HOST }}
PROXY_USER: ${{ secrets.PROXY_USER }}
UPSTREAM_HOST: ${{ secrets.UPSTREAM_HOST }}
UPSTREAM_USER: ${{ secrets.UPSTREAM_USER }}
4 changes: 4 additions & 0 deletions .gitignore
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,3 +5,7 @@
*.cer
secret*/
.secret-*.zip
smalltalk-ci/repository/**
tmp/**
build/**
product/**
Binary file added .secret-codesign.zip.enc
View file
Binary file not shown.
67 changes: 49 additions & 18 deletions deploy_bundles.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,16 +4,47 @@
# FILE: deploy_bundles.sh
# CONTENT: Upload all bundles to files.squeak.org
#
# REQUIRES:
# SMALLTALK_VERSION ... e.g., Squeak64-trunk
# SHOULD_DEPLOY ... i.e., true or false
# product/*.zip
# product/*.dmg
# IMAGE_NAME
# IMAGE_BITS
#....BUNDLE_NAME_LIN
#....BUNDLE_NAME_MAC
#....BUNDLE_NAME_WIN
#....BUNDLE_NAME_ARM ... only on 32-bit
# DEPLOY_KEY ... i.e., for unlocking secret files
# DEPLOY_IV ... i.e., for unlocking secret files
# SSH_PUBLIC_KEY
# PROXY_PORT
# PROXY_HOST
# PROXY_USER
# UPSTREAM_HOST
# UPSTREAM_USER
# PROVIDES:
# -
#
# AUTHORS: Fabio Niephaus, Hasso Plattner Institute, Potsdam, Germany
# Marcel Taeumel, Hasso Plattner Institute, Potsdam, Germany
################################################################################

set -o errexit

[[ -z "${PRODUCT_DIR}" ]] && exit 5
source "env_vars"
source "helpers.sh"

[[ -z "${IMAGE_NAME}" ]] && exit 2
[[ -z "${IMAGE_BITS}" ]] && exit 3

[[ -z "${BUNDLE_NAME_LIN}" ]] && exit 4
[[ -z "${BUNDLE_NAME_MAC}" ]] && exit 5
[[ -z "${BUNDLE_NAME_WIN}" ]] && exit 6

source env_vars
source helpers.sh
if is_32bit; then
[[ -z "${BUNDLE_NAME_ARM}" ]] && exit 7
fi

begin_group "...preparing deployment..."

Expand All @@ -22,40 +53,40 @@ if [[ -z "${DEPLOY_KEY}" ]]; then
exit 1
else
unlock_secret "deploy" "${DEPLOY_KEY}" "${DEPLOY_IV}"
readonly SSH_KEY_FILEPATH="${HOME_DIR}/secret-deploy/ssh_deploy_key"
readonly SSH_KEY_PATH="${HOME_DIR}/secret-deploy"
readonly SSH_KEY_FILEPATH="${HOME_PATH}/secret-deploy/ssh_deploy_key"
readonly SSH_KEY_PATH="${HOME_PATH}/secret-deploy"
chmod 600 "${SSH_KEY_FILEPATH}"
fi

end_group

begin_group "...uploading all files to files.squeak.org.."

readonly TARGET_BASE="/var/www/files.squeak.org"
readonly UPSTREAM_BASE="/var/www/files.squeak.org"

if is_etoys; then
TARGET_PATH="${TARGET_BASE}/etoys/${SQUEAK_VERSION/Etoys/}"
UPSTREAM_PATH="${UPSTREAM_BASE}/etoys/${SQUEAK_VERSION/Etoys/}"
else
TARGET_PATH="${TARGET_BASE}/${SQUEAK_VERSION/Squeak/}"
UPSTREAM_PATH="${UPSTREAM_BASE}/${SQUEAK_VERSION/Squeak/}"
fi
TARGET_PATH="${TARGET_PATH}/${IMAGE_NAME}"
UPSTREAM_PATH="${UPSTREAM_PATH}/${IMAGE_NAME}"


ssh-keyscan -t ecdsa-sha2-nistp256 -p "${PROXY_PORT}" "${PROXY_HOST}" 2>&1 | tee -a "${HOME}/.ssh/known_hosts" > /dev/null;
echo "${UPSTREAM_HOST} ecdsa-sha2-nistp256 ${PUBLIC_KEY}" | tee -a "${HOME}/.ssh/known_hosts" > /dev/null;
rsync -rvz --ignore-existing -e "ssh -o ProxyCommand='ssh -l ${PROXY_USER} -i ${SSH_KEY_FILEPATH} -p ${PROXY_PORT} -W %h:%p ${PROXY_HOST}' -l ${UPSTREAM_USER} -i ${SSH_KEY_FILEPATH}" "${PRODUCT_DIR}/" "${UPSTREAM_HOST}:${TARGET_PATH}/";
echo "${UPSTREAM_HOST} ecdsa-sha2-nistp256 ${SSH_PUBLIC_KEY}" | tee -a "${HOME}/.ssh/known_hosts" > /dev/null;
rsync -rvz --ignore-existing -e "ssh -o ProxyCommand='ssh -l ${PROXY_USER} -i ${SSH_KEY_FILEPATH} -p ${PROXY_PORT} -W %h:%p ${PROXY_HOST}' -l ${UPSTREAM_USER} -i ${SSH_KEY_FILEPATH}" "${PRODUCT_PATH}/" "${UPSTREAM_HOST}:${UPSTREAM_PATH}/";

end_group

begin_group "...updating latest symlinks on server..."
begin_group "...updating 'latest' symlinks on server..."

LATEST_PREFIX="${TARGET_BASE}/nightly/Squeak-latest-${IMAGE_BITS}bit"
SYMS_CMD="ln -f -s ${TARGET_PATH}/${IMAGE_NAME}.zip ${LATEST_PREFIX}.zip"
SYMS_CMD="${SYMS_CMD} && ln -f -s ${TARGET_PATH}/${BUNDLE_NAME_LIN}.zip ${LATEST_PREFIX}-Linux.zip"
SYMS_CMD="${SYMS_CMD} && ln -f -s ${TARGET_PATH}/${BUNDLE_NAME_MAC}.dmg ${LATEST_PREFIX}-macOS.dmg"
SYMS_CMD="${SYMS_CMD} && ln -f -s ${TARGET_PATH}/${BUNDLE_NAME_WIN}.zip ${LATEST_PREFIX}-Windows.zip"
LATEST_PREFIX="${UPSTREAM_BASE}/nightly/Squeak-latest-${IMAGE_BITS}bit"
SYMS_CMD="ln -f -s ${UPSTREAM_PATH}/${IMAGE_NAME}.zip ${LATEST_PREFIX}.zip"
SYMS_CMD="${SYMS_CMD} && ln -f -s ${UPSTREAM_PATH}/${BUNDLE_NAME_LIN}.zip ${LATEST_PREFIX}-Linux.zip"
SYMS_CMD="${SYMS_CMD} && ln -f -s ${UPSTREAM_PATH}/${BUNDLE_NAME_MAC}.dmg ${LATEST_PREFIX}-macOS.dmg"
SYMS_CMD="${SYMS_CMD} && ln -f -s ${UPSTREAM_PATH}/${BUNDLE_NAME_WIN}.zip ${LATEST_PREFIX}-Windows.zip"
if is_32bit; then
SYMS_CMD="${SYMS_CMD} && ln -f -s ${TARGET_PATH}/${BUNDLE_NAME_ARM}.zip ${LATEST_PREFIX}-ARMv6.zip"
SYMS_CMD="${SYMS_CMD} && ln -f -s ${UPSTREAM_PATH}/${BUNDLE_NAME_ARM}.zip ${LATEST_PREFIX}-ARMv6.zip"
fi
ssh -o ProxyCommand="ssh -l ${PROXY_USER} -i ${SSH_KEY_FILEPATH} -p ${PROXY_PORT} -W %h:%p ${PROXY_HOST}" \
-l "${UPSTREAM_USER}" -i "${SSH_KEY_FILEPATH}" "${UPSTREAM_HOST}" -t "${SYMS_CMD}"
Expand Down
14 changes: 8 additions & 6 deletions env_vars
View file
Original file line number Diff line number Diff line change
@@ -1,13 +1,15 @@
readonly HOME_DIR="$(pwd)"
readonly HOME_PATH="$(pwd)"

readonly FILES_BASE="http://files.squeak.org/base"
readonly RELEASE_URL="${FILES_BASE}/${SMALLTALK_VERSION/Etoys/Squeak}"
readonly IMAGE_URL="${RELEASE_URL}/base.zip"

readonly IMAGE_URL="${RELEASE_URL}/base.zip"
readonly VM_BASE="${RELEASE_URL}"

# version.sh file produced by image
readonly VERSION_FILE="${TMP_DIR}/version.sh"
readonly VM_LIN="vm-linux"
readonly VM_MAC="vm-macos"
readonly VM_WIN="vm-win"
readonly VM_ARM6="vm-armv6"

readonly ICONS_DIR="${HOME_DIR}/icons"
readonly RELEASE_NOTES_DIR="${HOME_DIR}/release-notes"
readonly ICONS_PATH="${HOME_PATH}/icons"
readonly RELEASE_NOTES_PATH="${HOME_PATH}/release-notes"
60 changes: 41 additions & 19 deletions helpers.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,8 +22,12 @@ is_dir() {
[[ -d $1 ]]
}

is_deployment_branch() {
[[ "${GIT_BRANCH}" == *"${DEPLOYMENT_BRANCH}"* ]]
should_deploy() {
[[ "${SHOULD_DEPLOY}" == "true" ]]
}

should_codesign() {
[[ "${SHOULD_CODESIGN}" == "true" ]]
}

readonly COLOR_RESET="\033[0m"
Expand Down Expand Up @@ -66,9 +70,9 @@ download_and_extract_vm() {
local url=$2 # e.g., files.squeak.org/base/Squeak-trunk/vm-win.zip
local target=$3 # e.g., tmp/vm-win
echo "...downloading and extracting ${name} VM..."
curl -f -s --retry 3 -o "${TMP_DIR}/vm.zip" "${url}"
unzip -q "${TMP_DIR}/vm.zip" -d "${target}"
rm "${TMP_DIR}/vm.zip"
curl -f -s --retry 3 -o "${TMP_PATH}/vm.zip" "${url}"
unzip -q "${TMP_PATH}/vm.zip" -d "${target}"
rm "${TMP_PATH}/vm.zip"
}

export_variable() {
Expand All @@ -84,22 +88,22 @@ export_variable() {
prepare_platform_vm() {
case $RUNNER_OS in
"Windows")
readonly VM_URL="${VM_BASE}/vm-win.zip"
readonly SMALLTALK_VM="${TMP_DIR}/vm/SqueakConsole.exe"
readonly VM_URL="${VM_BASE}/${VM_WIN}.zip"
readonly SMALLTALK_VM="${TMP_PATH}/vm/SqueakConsole.exe"
# Add other GNU tools (e.g., wget) for third-party build scripts
PATH=$PATH:/c/msys64/usr/bin
;;
"Linux")
readonly VM_URL="${VM_BASE}/vm-linux.zip"
readonly SMALLTALK_VM="${TMP_DIR}/vm/squeak"
readonly VM_URL="${VM_BASE}/${VM_LIN}.zip"
readonly SMALLTALK_VM="${TMP_PATH}/vm/squeak"
;;
"macOS")
readonly VM_URL="${VM_BASE}/vm-macos.zip"
readonly SMALLTALK_VM="${TMP_DIR}/vm/Squeak.app/Contents/MacOS/Squeak"
readonly VM_URL="${VM_BASE}/${VM_MAC}.zip"
readonly SMALLTALK_VM="${TMP_PATH}/vm/Squeak.app/Contents/MacOS/Squeak"
;;
esac

download_and_extract_vm "$RUNNER_OS" "${VM_URL}" "${TMP_DIR}/vm"
download_and_extract_vm "$RUNNER_OS" "${VM_URL}" "${TMP_PATH}/vm"

if [[ ! -f "${SMALLTALK_VM}" ]]; then
echo "Failed to locate VM executable." && exit 1
Expand All @@ -111,14 +115,14 @@ lock_secret() {
local key=$2
local iv=$3

local secret_dir="${HOME_DIR}/${name}"
local secret_dir="${HOME_PATH}/${name}"

if ! is_dir "${secret_dir}"; then
print_error "Failed to locate files to encrypt."
exit 1
fi

zip -q -r "${HOME_DIR}/.${name}.zip" "${name}"
zip -q -r "${HOME_PATH}/.${name}.zip" "${name}"
rm -r -d "${secret_dir}"

openssl aes-256-cbc -e -in .${name}.zip -out .${name}.zip.enc \
Expand All @@ -131,7 +135,7 @@ unlock_secret() {
local key=$2
local iv=$3

local secret_dir="${HOME_DIR}/${name}"
local secret_dir="${HOME_PATH}/${name}"

if ! is_file .${name}.zip.enc; then
print_error "Failed to locate encrypted archive."
Expand All @@ -152,7 +156,25 @@ unlock_secret() {
}

# Assure the existence of all working directories
readonly BUILD_DIR="${HOME_DIR}/build"
readonly PRODUCT_DIR="${HOME_DIR}/product"
readonly TMP_DIR="${HOME_DIR}/tmp"
mkdir -p "${BUILD_DIR}" "${PRODUCT_DIR}" "${TMP_DIR}"
readonly BUILD_PATH="${HOME_PATH}/build"
readonly PRODUCT_PATH="${HOME_PATH}/product"
readonly TMP_PATH="${HOME_PATH}/tmp"
mkdir -p "${BUILD_PATH}" "${PRODUCT_PATH}" "${TMP_PATH}"

# Assure $RUNNER_OS if not invoked from within GitHub Actions
if [[ -z "${RUNNER_OS}" ]]; then
case $(uname -s) in
Darwin*)
export RUNNER_OS="macOS"
;;
Linux*)
export RUNNER_OS="Linux"
;;
CYGWIN*|MINGW*)
export RUNNER_OS="Windows"
;;
*)
echo "Unsupported platform."
exit 1
esac
fi
Loading

0 comments on commit 8b730ce

Please sign in to comment.