[neon/ubuntu-core/Neon/ci_build_iso] debian: draft to allow ci to produce iso's

Carlos De Maine null at kde.org
Mon Aug 12 04:29:43 BST 2024 

Git commit d9b5c6ef889f4c91833850a27375f8acf6255b52 by Carlos De Maine.
Committed on 12/08/2024 at 03:29.
Pushed by carlosdem into branch 'Neon/ci_build_iso'.

draft to allow ci to produce iso's

M  +3    -4    debian/.gitlab-ci-neon.yml
A  +46   -0    debian/neon-core-image-dangerous-iso.yml
A  +46   -0    debian/neon-core-image-signed-iso.yml

https://invent.kde.org/neon/ubuntu-core/-/commit/d9b5c6ef889f4c91833850a27375f8acf6255b52

diff --git a/debian/.gitlab-ci-neon.yml b/debian/.gitlab-ci-neon.yml
index fbdd84c..2f423d6 100644
--- a/debian/.gitlab-ci-neon.yml
+++ b/debian/.gitlab-ci-neon.yml
@@ -2,7 +2,6 @@
 # SPDX-License-Identifier: CC0-1.0
 
 include:
-  - project: sysadmin/ci-utilities
-    file:
-      - /gitlab-templates/snap-image-dangerous.yml
-#      - /gitlab-templates/snap-image-signed.yml
\ No newline at end of file
+  - local: debian/neon-core-models.yml
+  - local: debian/neon-core-image-dangerous-iso.yml
+  #- local: debian/neon-core-image-signed-iso.yml
diff --git a/debian/neon-core-image-dangerous-iso.yml b/debian/neon-core-image-dangerous-iso.yml
new file mode 100644
index 0000000..fa47168
--- /dev/null
+++ b/debian/neon-core-image-dangerous-iso.yml
@@ -0,0 +1,46 @@
+neon_core_image_dangerous:
+  rules:
+    # Allow manual trigger on `models.*` branches
+    - if: '$CI_COMMIT_BRANCH =~ /models\..*/'
+      when: manual
+    # Otherwise, only build the image+iso on master
+    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
+      when: always
+    # Only let it run if the required variables are present
+    # These are normally defined on protected branches on our normal repository but we do the logic this way to allow someone else to set this up in their fork if they want
+    - if: '$SNAPCRAFT_STORE_CREDENTIALS == null || $SNAP_GPG_PRIVATE_KEY == null || $SNAP_GPG_OWNER_TRUST == null'
+      when: never
+  variables:
+    SNAPCRAFT_BUILD_ENVIRONMENT: "host"
+    SNAPCRAFT_MANAGED_MODE: "y"
+  tags:
+    - Snap
+  interruptible: true
+  script:
+    # get the missing plasma-desktop-session snap from the latest build...
+    - mkdir workspace/ && cd workspace/
+    - wget -O Snap_artifacts.zip "https://invent.kde.org/api/v4/projects/neon%2fsnap-packaging%2fplasma-desktop-session/jobs/artifacts/master/download?job=snap_snapcraft_lxd"
+    - unzip -e Snap_artifacts.zip
+    - mv .kde-ci-packages/plasma-desktop-session*.snap $CI_PROJECT_DIR/local-snaps/plasma-desktop-session.snap
+    - cd $CI_PROJECT_DIR
+
+    # build the image with the project's tooling
+    - echo building kde-neon-core in dangerous mode ...
+    - make dangerous-iso 2>&1 | tee task.log
+
+    # Create a folder to publish the files...
+    - mkdir -p $CI_PROJECT_DIR/.kde-ci-packages/
+    - mv -vf *.tar.gz $CI_PROJECT_DIR/.kde-ci-packages/
+    # Bring in the Notary Service tooling and ask it to publish for us please
+    #- git clone https://invent.kde.org/sysadmin/ci-notary-service
+    #- git clone https://invent.kde.org/sysadmin/ci-utilities
+    #- python3 -u ci-notary-service/publishbuild.py --config ci-utilities/signing/publishbuild.ini --platform snap-image "$CI_PROJECT_DIR/.kde-ci-packages/"
+  after_script:
+    # Cleanup local state
+    - git clean -dfx .
+  artifacts:
+    name: Dangerous image iso
+    when: always
+    paths:
+      - "task.log"
+    expire_in: 28 days
diff --git a/debian/neon-core-image-signed-iso.yml b/debian/neon-core-image-signed-iso.yml
new file mode 100644
index 0000000..5dfabf5
--- /dev/null
+++ b/debian/neon-core-image-signed-iso.yml
@@ -0,0 +1,46 @@
+neon_core_image_dangerous:
+  rules:
+    # Allow manual trigger on `models.*` branches
+    - if: '$CI_COMMIT_BRANCH =~ /models\..*/'
+      when: manual
+    # Otherwise, only build the image+iso on master
+    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
+      when: always
+    # Only let it run if the required variables are present
+    # These are normally defined on protected branches on our normal repository but we do the logic this way to allow someone else to set this up in their fork if they want
+    - if: '$SNAPCRAFT_STORE_CREDENTIALS == null || $SNAP_GPG_PRIVATE_KEY == null || $SNAP_GPG_OWNER_TRUST == null'
+      when: never
+  variables:
+    SNAPCRAFT_BUILD_ENVIRONMENT: "host"
+    SNAPCRAFT_MANAGED_MODE: "y"
+  tags:
+    - Snap
+  interruptible: true
+  script:
+    # get the missing plasma-desktop-session snap from the latest build...
+    - mkdir workspace/ && cd workspace/
+    - wget -O Snap_artifacts.zip "https://invent.kde.org/api/v4/projects/neon%2fsnap-packaging%2fplasma-desktop-session/jobs/artifacts/master/download?job=snap_snapcraft_lxd"
+    - unzip -e Snap_artifacts.zip
+    - mv .kde-ci-packages/plasma-desktop-session*.snap $CI_PROJECT_DIR/local-snaps/plasma-desktop-session.snap
+    - cd $CI_PROJECT_DIR
+
+    # build the image with the project's tooling
+    - echo building kde-neon-core in signed mode ...
+    - make signed-iso 2>&1 | tee task.log
+
+    # Create a folder to publish the files...
+    - mkdir -p $CI_PROJECT_DIR/.kde-ci-packages/
+    - mv -vf *.tar.gz $CI_PROJECT_DIR/.kde-ci-packages/
+    # Bring in the Notary Service tooling and ask it to publish for us please
+    #- git clone https://invent.kde.org/sysadmin/ci-notary-service
+    #- git clone https://invent.kde.org/sysadmin/ci-utilities
+    #- python3 -u ci-notary-service/publishbuild.py --config ci-utilities/signing/publishbuild.ini --platform snap-image "$CI_PROJECT_DIR/.kde-ci-packages/"
+  after_script:
+    # Cleanup local state
+    - git clean -dfx .
+  artifacts:
+    name: Signed image iso
+    when: always
+    paths:
+      - "task.log"
+    expire_in: 28 days

More information about the Neon-commits mailing list