[neon/ubuntu-core/models.add-models-pipeline] debian: Models CI: Add base pipeline

Wed Aug 7 09:48:57 BST 2024

Git commit 9948ed910392f5806d710ee5b58b2f6adadf052d by Antoine Gonzalez.
Committed on 07/08/2024 at 08:44.
Pushed by daspood into branch 'models.add-models-pipeline'.

Models CI: Add base pipeline

M  +2    -1    debian/.gitlab-ci-neon.yml
A  +58   -0    debian/snap-image-model.yml

https://invent.kde.org/neon/ubuntu-core/-/commit/9948ed910392f5806d710ee5b58b2f6adadf052d

diff --git a/debian/.gitlab-ci-neon.yml b/debian/.gitlab-ci-neon.yml
index fbdd84c..dce4ab7 100644
--- a/debian/.gitlab-ci-neon.yml
+++ b/debian/.gitlab-ci-neon.yml
@@ -5,4 +5,5 @@ include:
   - project: sysadmin/ci-utilities
     file:
       - /gitlab-templates/snap-image-dangerous.yml
-#      - /gitlab-templates/snap-image-signed.yml
\ No newline at end of file
+#      - /gitlab-templates/snap-image-signed.yml
+  - local: debian/snap-image-model.yml
\ No newline at end of file
diff --git a/debian/snap-image-model.yml b/debian/snap-image-model.yml
new file mode 100644
index 0000000..b51a41f
--- /dev/null
+++ b/debian/snap-image-model.yml
@@ -0,0 +1,58 @@
+include:
+  - project: sysadmin/ci-utilities
+    file:
+      - /gitlab-templates/blocks/snap-base.yml
+      - /gitlab-templates/blocks/workflow.yml
+
+snap_image_model:
+  when: manual
+  manual_confirmation: 'Are you sure you want to generate and push models for branch $CI_COMMIT_REF_NAME?'
+  extends: .snap_base
+  inherit:
+    default: true
+  script:  # Have to duplicate most of the snap-image code as the default `make` command will remove the model file
+    - echo currently on branch $CI_COMMIT_BRANCH, ref $CI_COMMIT_REF_NAME, pipeline source is $CI_PIPELINE_SOURCE
+    # make sure there is a snap specific so gpg doesn't freak out
+    - mkdir -p -m 0700 ¬/.snap/gnupg/
+    - mkdir -p -m 0700 ¬/.snap/gnupg/private-keys-v1.d/
+    # export it as a env var for convenience
+    - export GNUPGHOME=¬/.snap/gnupg/
+    # test the env var
+    - echo $GNUPGHOME
+    # copy in the required exported login creds so that snapcraft whoami works
+    - echo $KDE_NEON_CORE_IMAGE_KEY > kde-neon-core-image-key
+    # feed snap's gpg the required key
+    - echo $PRIVATE_KEY | base64 --decode | gpg --batch --import
+    # make sure the key is trusted
+    - gpg --import-ownertrust <(echo "$OWNER_TRUST")
+    # test the keys
+    - gpg --list-keys
+    # test the login
+    - snapcraft whoami
+    # build the model with the project's tooling
+    - echo re-generating models for $KDE_SNAP_MODULE_NAME ...
+    - make kde-neon-core-dangerous-amd64.model 2>&1 | tee task.log
+    - make kde-neon-core-signed-amd64.model 2>&1 | tee task.log
+    # make the artifacts dir
+    - mkdir -p $CI_PROJECT_DIR/.kde-ci-packages/
+    # copy the new model to the artifacts dir
+    - cp -vf ./*.model  $CI_PROJECT_DIR/.kde-ci-packages/
+    # push the new model to gitlab
+    - echo pushing new models to ref $CI_COMMIT_REF_NAME
+    - git config user.email "kde-neon-core-model-bot at kde.org"
+    - git config user.name "kde-neon-core model-bot"
+    - git add -f ./*.model
+    - git commit -m "Update model files"
+    - git push https://@project_17308_bot_a45360256b28775b175cf622f6b817ad:${UBUNTU_NEON_CORE_ACCESS_TOKEN}@invent.kde.org/neon/ubuntu-core HEAD:$CI_COMMIT_REF_NAME -o ci.skip
+  interruptible: true
+  after_script:
+    # delete the gpg keyring
+    - rm -rf ¬/.snap/gnupg
+    # delete the snapcraft auth creds
+    - rm kde-neon-core-image-key
+  rules:  # Only on manual triggers and on a non-master branch
+    - if: $CI_PIPELINE_SOURCE != "web"
+      when: never
+    - if: $CI_COMMIT_BRANCH == "master"
+      when: never
+
